Cybersecurity - Memes

1891 readers

2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago

MODERATORS

Sam1232188@lemmy.world

neurohost@lemmy.world

Alphadef@programming.dev

CannaVet@lemmy.world

830

Password length requirement (feddit.org)

submitted 3 weeks ago* (last edited 3 weeks ago) by cron to c/cybersecuritymemes@lemmy.world

171 comments fedilink hide all child comments

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments

[–] faltryka@lemmy.world 136 points 3 weeks ago (36 children)

This is my biggest pet peeve. Password policies are largely mired in inaccurate conventional wisdom, even though we have good guidance docs from NIST on this.

Frustrating poor policy configs aside, this max length is a huge red flag, basically they are admitting that they store your password in plan text and aren’t hashing like they should be.

If a company tells you your password has a maximum length, they are untrustable with anything important.

[–] chameleon@fedia.io 10 points 3 weeks ago (1 children)

bcrypt has a maximum password length of 56 to 72 bytes and while it's not today's preferred algo for new stuff, it's still completely fine and widely used.

[–] DaPorkchop_@lemmy.ml 2 points 3 weeks ago

Wait, really? I always thought bcrypt was just a general-purpose hash algorithm, never realized that it had an upper data size limit like that.

load more comments (34 replies)