836

I am going to violate the Geneva convention (lemmy.world)

submitted 1 month ago by Stamets@lemmy.world to c/memes@lemmy.world

54 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] Sharkwellington@lemmy.one 13 points 1 month ago* (last edited 1 month ago)

the rule where it couldn't be more than 12 characters long

This is the one I don't get. Sure you don't want people putting in an infinitely long password, but I like to have my passwords at around 15 characters. Why are you forcing me to make a less secure password?

Only reason I can think of is storage but even at a massive scale, this is text, paying for that storage would cost as much as a rounding error.

[-] dbx12@programming.dev 24 points 1 month ago

It's even worse. If done correctly, the length of the password does not affect the size of the stored value. Because if you're doing it right, you only save the hash of the password. And the length of the hash is fixed.

[-] thenextguy@lemmy.world 11 points 1 month ago

But they don't (shouldn't) store the actual password. They store a hash of the password, which is the same length regardless of length of the actual password.

[-] thanks_shakey_snake@lemmy.ca 9 points 1 month ago

There's a type of attack where you put absurdly large inputs into fields that perform expensive calculations, like password hashing... So imagine 100 computers spamming the login form with the whole Bee Movie script 10x per second (which would be a pretty small attack)... Cheap to send, expensive to process. As others mention, the storage should be cheap, because the hashed version of the password is all the same length.

So it makes sense for apps to have SOME upper limit... But it should be like 64 or 100 or 128 or 500 or something. 12 or 16 or 20 is just obnoxious.

[-] AnUnusualRelic@lemmy.world 2 points 1 month ago

My password generator is set to 24 characters. 12 or 15 seems a bit short.

this post was submitted on 11 Aug 2024

836 points (98.4% liked)

memes

9648 readers

3628 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads

No advertisements or spam. This is an instance rule and the only way to live.

Sister communities

!tenforward@lemmy.world : Star Trek memes, chat and shitposts
!lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
!linuxmemes@lemmy.world : Linux themed memes
!comicstrips@lemmy.world : for those who love comic stories.

founded 1 year ago

MODERATORS

Tenthrow@lemmy.world

The_Picard_Maneuver@lemmy.world

The_Picard_Maneuver@startrek.website