this post was submitted on 17 Jul 2023
422 points (88.6% liked)

Programmer Humor

32571 readers
143 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] Sonotsugipaa@lemmy.dbzer0.com 35 points 1 year ago (26 children)

Infuriating fact: if a service has maximum password length limits (lower than 1000 characters), they're reversibly storing your password and if they're that lazy it's probably plain text

[–] Xandris@kbin.social 8 points 1 year ago (10 children)
[–] Downcount@lemmy.world 14 points 1 year ago (8 children)

Yeah, you actually better not save the users passwords in plain text or in an encrypted way it could be decrypted. You rather save a (salted) hashed string of the password. When a user logs in you compare the hashed value of the password the user typed in against the hashed value in your database.

What is hashed? Think of it like a crossfoot of a number:

Let's say you have a number 69: It's crossfoot is (6+9) 15. But if someone steals this crossfoot they can't know the original number it's coming from. It could be 78 or 87.

[–] Xandris@kbin.social 2 points 1 year ago

i was more wondering why a length limit implies anything about how they're storing the password. once they receive the password they're free to hash it any which way they want

random memory—yahoo back in the day used to hash the password in the browser before sending it to the server, but TLS made that unnecessary i guess

load more comments (7 replies)
load more comments (8 replies)
load more comments (23 replies)