this post was submitted on 18 Aug 2024
833 points (98.8% liked)

Cybersecurity - Memes

1995 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
833
submitted 3 months ago* (last edited 3 months ago) by cron to c/cybersecuritymemes@lemmy.world
 

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[–] herrvogel@lemmy.world 17 points 3 months ago (4 children)

What? The password should only receive the hashed password, and that's gonna have a fixed length. What's stored in the db should have the exact same length whether the password is 2 characters long or 300. If the length of the password is in any way a consideration for your database, you've royally fucked up long before you got to that point.

[–] x00z@lemmy.world 9 points 3 months ago

"Your password may not contain any quotes or backslashes"

[–] ChickenLadyLovesLife@lemmy.world 3 points 3 months ago

The answer is always a poorly coded everything.

[–] Ptsf@lemmy.world 1 points 3 months ago

There are going to be very few hashing algorithms that can take a certain byte value and hash it down into a unique smaller byte value. If you miscoded the database and stored the hashed passwords into a value of a fixed length, you have to abide by that length without some trickery or cleaveriness. Is that not the case? Every time I've seen this limitation in wild code that has been the case.

[–] Sibbo@sopuli.xyz 1 points 3 months ago

You are expecting a lot from someone who thinks a password needs a low maximum length. It makes sense to limit password length to avoid dos attacks, but certainly to something longer than 16.