844

Password length requirement (feddit.org)

submitted 1 month ago* (last edited 1 month ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

172 comments fedilink hide all child comments

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments

[-] viking@infosec.pub 12 points 1 month ago

Makes you wonder if they store the password in plain text, or convert to lower key during your first input so it's at least hashed. I wouldn't be surprised if it's not.

[-] lseif@sopuli.xyz 10 points 1 month ago

they store the passwords as filenames on a windows system

[-] subignition@fedia.io 4 points 1 month ago

Put a colon in your password and crash the whole system

[-] lseif@sopuli.xyz 2 points 1 month ago

set your password as GodMode.{ED7BA470-8E54-465E-825C-99712043E01C} for infinite money glitch

[-] JustAnotherRando@lemmy.world 4 points 1 month ago* (last edited 1 month ago)

I don't think it could be hashed if it is case insensitive. It's fairly early so I may be misremembering but I'm not aware of any hashing algo that ignores case.

Edit: Ah, actually they could be storing the password as a hash, but they would probably have to do like a password. ToLower() call or something where they morphed the string before checking... The thought of which just makes me shudder.

this post was submitted on 18 Aug 2024

844 points (98.8% liked)

Cybersecurity - Memes

1893 readers

1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago

MODERATORS

Sam1232188@lemmy.world

neurohost@lemmy.world

Alphadef@programming.dev

CannaVet@lemmy.world