this post was submitted on 17 May 2025
815 points (100.0% liked)

Mildly Infuriating

39675 readers
35 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.

Rules:

1. Be Respectful

Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...

2. No Illegal Content

Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...

3. No Spam

Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...

4. No Porn/ExplicitContent

-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...

5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts

-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...

6. NSFW should be behind NSFW tags.

-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...

7. Content should match the theme of this community.

-Content should be Mildly infuriating.

-The Community !actuallyinfuriating has been born so that's where you should post the big stuff.

...

8. Reposting of Reddit content is permitted, try to credit the OC.

-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...

Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense

Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
815
My password is not accepted because it is too long (lemmynsfw.com)
submitted 5 days ago by [email protected] to c/[email protected]
273 comments fedilink hide all child comments
 

In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)

Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 145 points 5 days ago* (last edited 5 days ago) (3 children)

I once registered an account with a random ~25 characters long password (Keepass PM) for buying tickets on https://uhuu.com.br/

The website allowed me to create the account just fine, but once I verified my e-mail, I couldn't log into it due to there being a character limit ONLY IN THE LOGIN PASSWORD FIELD. Atrocious.

EDIT: btw, the character limit was 12

[–] [email protected] 30 points 5 days ago

PayPal did the same. Registration took 40 characters, login only half of that. Editing the login form didn't work unfortunately.

[–] [email protected] 9 points 5 days ago (1 children)

It's pretty stupid because the longer the password the more secure it is.

[–] [email protected] 3 points 5 days ago (3 children)

I understand a cap of like 64 characters or something to keep storage space down for a company with millions of users. other than that it doesn't make a ton of sense.

[–] [email protected] 37 points 5 days ago (2 children)

That is a huge red flag if ever given as a reason, you never store the password.
You store a hash which is the same length regardless of the password.

[–] [email protected] 12 points 5 days ago

Youre right lol. I forgot that hash lengths are different from the actually password length.

[–] [email protected] 2 points 4 days ago

Although at some point you'll get collisions, but I don't think that's actually an issue. It still equally hard to guess a password from the hash, there will just be some solutions that are much longer than others.

[–] [email protected] 6 points 5 days ago* (last edited 5 days ago) (1 children)

The cap should actually be due to the hashing algorithm. Every password should be the exact same length once it is salted and hashed, so the actual length of the password doesn’t make a difference in regards to database size. The hash will be a set length, so the storage requirements will be the same regardless. Hashing algorithms have a maximum input length. IIRC the most popular ones return a result of 64-255 characters, and cap at 128 characters for input; Even an input of just “a” would return a 64 character hash. But the salt is also counted in that limit. So if they’re using a 32 character salt, then the functional cap would be 96 characters.

Low character caps are a huge red flag, because it means they’re likely not hashing your password at all. They’re just storing them in plaintext and capping the length to save storage space, which is the first mortal sin of password storage.

[–] [email protected] 1 points 4 days ago* (last edited 4 days ago)

You can easily get the hash of whole files, there is no input size constraint with most hashing functions.
Special password hashing implementations do have a limit to guarantee constant runtime, as there the algorithm always takes as long as the worst-case longest input. The standard modern password hashing function (bcrypt) only considers the first 72 characters for that reason, though that cutoff is arbitrary and could easily be increased, and in some implementations is. Having differences past the 72nd character makes passwords receive the same hash there, so you could arbitrarily change the password on every login until the page updates their hashes to a longer password hashing function, at which point the password used at next login after the change will be locked in.

[–] [email protected] 7 points 5 days ago

You never store passwords. They should be hashed and salted.

[–] [email protected] 5 points 5 days ago (1 children)

I’ve had this exact same thing happen.

I’ve also had it happen where you have the two fields to verify the password is the same. One had a maxlength set in it, and the other didn’t. I was for sure entering the same password and I was so confused until I opened up the dev tools and inspected the inputs.

[–] [email protected] 1 points 5 days ago

I’ve seen this behavior too, I forget where. For me it was a bit easier since the fields displayed a different number of stars. I did spend too long trying to figure out how my password manager could be failing that way