this post was submitted on 18 Aug 2024
846 points (98.8% liked)
Cybersecurity - Memes
It's all fun and games until someone realizes they can just create lots of accounts with large passwords and fill your space.
Not a problem because passwords are hashed, which means they take up a fixed size, and you should have form upload size limits anyway.
One would hope so anyway,
The above conflicts directly with OP's
Accept any utf8 string
I opened an account in 2014 and I'm still uploading my password.
If you aren't required to use an upload manager, are you really setting a solid password :thinking:
Can't trust an upload manager not to be hacked. I employ a team of typists in India.
Ok. Take up to 65,536 bytes of utf8 string. Or better yet. Accept any password length. I mean any. But instead of transmitting it you bcrypt on their machine and then use the resulting key to hmac sign a recent timestamp that can't be reused.
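The scheme in the last comment, sketched as an added example that is not part of the thread: the client derives a fixed-size key from a password of any length and sends only an HMAC over a fresh timestamp, which the server checks for freshness and single use. Assumptions: PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt, and the class and function names, the 30-second window and the iteration count are illustrative.

```python
import hashlib
import hmac

MAX_SKEW = 30          # seconds a signed timestamp stays acceptable (assumed value)
ITERATIONS = 200_000   # PBKDF2 work factor (assumed value)

def derive_key(password: str, salt: bytes) -> bytes:
    """Client side. PBKDF2 stands in for bcrypt here (bcrypt is not in the stdlib).
    The result is 32 bytes whatever the password length."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def sign_login(key: bytes, username: str, now: int) -> tuple[int, str]:
    """Client side: only the timestamp and the tag cross the wire, never the password."""
    msg = f"{username}|{now}".encode()
    return now, hmac.new(key, msg, hashlib.sha256).hexdigest()

class Server:
    def __init__(self):
        # username -> derived key. The server needs this key to check the HMAC,
        # so a leaked copy is enough to log in: protect it like a password.
        self.keys = {}
        self.seen = set()  # (username, timestamp) pairs already accepted

    def register(self, username: str, key: bytes) -> None:
        self.keys[username] = key

    def verify(self, username: str, ts: int, tag: str, now: int) -> bool:
        key = self.keys.get(username)
        if key is None:
            return False
        if abs(now - ts) > MAX_SKEW:      # stale or far-future timestamp
            return False
        # Forget entries that the skew check would reject anyway.
        self.seen = {e for e in self.seen if now - e[1] <= MAX_SKEW}
        if (username, ts) in self.seen:   # replay of an accepted login
            return False
        msg = f"{username}|{ts}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False
        self.seen.add((username, ts))
        return True

if __name__ == "__main__":
    salt = b"constructed-salt"                 # constructed sample value
    key = derive_key("p" * 1_000_000, salt)    # 1 MB password, 32-byte key
    srv = Server()
    srv.register("alice", key)
    ts, tag = sign_login(key, "alice", 1_000_000)
    print(len(key), srv.verify("alice", ts, tag, 1_000_005), srv.verify("alice", ts, tag, 1_000_006))
```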