Cybersecurity - Memes

2916 readers

2 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago

MODERATORS

[email protected]

856

Password length requirement (lemmynsfw.com)

submitted 10 months ago* (last edited 10 months ago) by [email protected] to c/[email protected]

156 comments fedilink hide all child comments

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 10 months ago (2 children)

Hashing on the client side is as secure as not hashing at all, an attacker can just send the hashes, since they control the client code.

[–] [email protected] 4 points 10 months ago

Then you can salt+hash it again on the server.

[–] [email protected] 3 points 10 months ago (1 children)

Hashing is more about obscuring the password if the database gets compromised. I guess they could send 2^256 or 2^512 passwords guesses, but at that point you probably have bigger issues.

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

It's more about when a database gets leaked. They then don't even have to put in the effort of trying to match hashes to passwords. And that's what hashing a password protects against, when done correctly.