848
submitted 4 months ago* (last edited 4 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[-] explodicle@sh.itjust.works -1 points 4 months ago

Why not just store the first X characters of the hashed password?

[-] frezik@midwest.social 1 points 4 months ago* (last edited 4 months ago)

The hash isn't at all secure when you do that, but don't worry too much about it. GP's thinking about how things work is laughably bad and can't be buried in enough downvotes.

[-] explodicle@sh.itjust.works 1 points 4 months ago

Where can I read more about how it's not secure?

[-] frezik@midwest.social 2 points 4 months ago* (last edited 4 months ago)

The Wikipedia article is probably a good place to start: https://en.wikipedia.org/wiki/Cryptographic_hash_function

Though I'd say this isn't something you read directly, but rather understand by going through cryptographic security as a whole.

To keep it short, cryptographic hashes make a few guarantees. A single bit change in the input will cause a drastic change in the output. Due to the birthday problem, the length needs to be double the length of a block cipher key to provide equivalent security. And a few others. When you chop it down, you potentially undermine all the security guarantees that academics worked very hard to analyze.

Even a small change would require going to a lot of work to make sure you didn't break something. And when you've read up on cryptography in general and understand it, this tends to be an automatic reflex.

None of which really matters. GP's big assumption is that the hash size grows with input size, which is not true. Hash size stays fixed no matter the input.

this post was submitted on 18 Aug 2024
848 points (98.8% liked)

Cybersecurity - Memes

1893 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS