[-] frezik@midwest.social 8 points 6 months ago

Password strength checkers are taking an approach that's naive for this case. The actual strength depends on the size of the dictionary and the number of words you randomly choose out of it.

Bcrypt has a length limit of 72 characters, so very long passwords generated this way can be silently truncated. Developers can avoid this problem by running sha256 on the input before giving it to bcrypt, but that isn't common.
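An added example, not part of the comment above: it computes passphrase strength from dictionary size and word count, then models the 72-byte truncation and the SHA-256 pre-hash the comment describes. The dictionary size of 7776, the sample passphrases, the function names and the base64 step are assumptions of this example, and `bytes_bcrypt_sees` only models the length limit rather than calling a bcrypt library.

```python
import base64
import hashlib
import math

BCRYPT_MAX_BYTES = 72  # length limit stated in the comment above


def passphrase_bits(dictionary_size: int, words: int) -> float:
    """Entropy in bits of `words` words drawn uniformly at random from the list."""
    return words * math.log2(dictionary_size)


def bytes_bcrypt_sees(password: str) -> bytes:
    """Model of silent truncation: everything past byte 72 is dropped.
    This models the limit only; it is not a bcrypt implementation."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def prehash(password: str) -> bytes:
    """SHA-256 the whole input, then base64 it: 44 ASCII bytes, under the limit.
    The base64 step is this example's assumption: a raw digest can contain 0x00,
    which implementations that take a C string treat as the end of the input."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest)


def collide_without_prehash(a: str, b: str) -> bool:
    """True when two different passwords are identical in their first 72 bytes."""
    return a != b and bytes_bcrypt_sees(a) == bytes_bcrypt_sees(b)


# Constructed sample input: two long passphrases that differ only after byte 72.
PREFIX = "correct-horse-battery-staple-" * 3  # 87 bytes
SAMPLE_A = PREFIX + "alpha"
SAMPLE_B = PREFIX + "omega"

if __name__ == "__main__":
    # 7776 is a constructed dictionary size (five six-sided dice per word).
    print(f"6 words from 7776: {passphrase_bits(7776, 6):.1f} bits")
    print("collide when truncated:", collide_without_prehash(SAMPLE_A, SAMPLE_B))
    print("pre-hashed A:", prehash(SAMPLE_A).decode())
    print("pre-hashed B:", prehash(SAMPLE_B).decode())
```

The value returned by `prehash` is what would be handed to the bcrypt hashing call in place of the raw password, at both registration and login.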

this post was submitted on 24 Jan 2024

Cybersecurity - Memes
