Comments
-
I've also come across a website that refuses special characters (I seem to remember it was the English government site).
Tasty, right?
-
Registered to a finances(!) related site today. Entered a 100 chars long password.
"Your password is too long"
Wow, thanks guys, not only do my passwords have to be shorter, I also have to guess their size.
Proceeded to halve the size of the pass until I got to the incredible value of 20 max chars. FML, or rather f.uck my wallet, if someone with a decent brain size finds out...
-
acsim (7y): Hmm... if they're hashing your password, it shouldn't matter how long the password is, no?
-
zdar (7y): But I guess passwords are stored as MD5 or some similar hash whose size is constant. I haven't seen someone storing passwords in a database in plain text.
-
juunas (7y): If you directly hash the passwords with bcrypt, a really long password could halt your thread for a long time. Could be used for DoS attacks. Dropbox first hashes all passwords with SHA-256 IIRC to make them all the same length so it doesn't affect execution time.
-
@acsim you would hope they're hashing the password... Many sites do not do this.
-
acsim (7y): @Jop- yeah. What I mean is that if the length of the hashed password, if hashed, is gonna be the same, it makes no sense to limit the password input form. Every modern framework comes with a default hashing for their user's password. You literally have to go out of your way to make your system less secure.
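The pre-hash scheme juunas describes above (fold the password through SHA-256 first, then feed the fixed-length result to the slow hash), as an added example that is not from the thread or from Dropbox. It assumes PBKDF2 from the standard library as a stand-in for bcrypt, a constructed 1 KiB input cap, and base64 encoding of the digest so the token carries no NUL bytes (bcrypt implementations stop at the first NUL):

```python
import base64
import hashlib
import hmac
import os

# Constructed upper bound on accepted input: far above any real password,
# but keeps the fast pre-hash from digesting arbitrarily large requests.
MAX_PASSWORD_BYTES = 1024
KDF_ITERATIONS = 100_000  # PBKDF2 stands in for bcrypt in this example


def prehash(password: str) -> bytes:
    """Fold a password of any length into a fixed 44-byte token.

    SHA-256 yields 32 bytes; base64 keeps the token free of NUL bytes so
    it is safe to hand to a bcrypt-style KDF that treats NUL as end-of-string.
    The slow KDF therefore always sees the same input size, whatever the
    user typed, so its running time does not depend on password length.
    """
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise ValueError("password exceeds server-side length limit")
    return base64.b64encode(hashlib.sha256(raw).digest())


def hash_password(password: str) -> bytes:
    """Return salt || derived key; the stored size is constant (16 + 32 bytes)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", prehash(password), salt, KDF_ITERATIONS)
    return salt + dk


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the derived key and compare in constant time."""
    salt, dk = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", prehash(password), salt, KDF_ITERATIONS)
    return hmac.compare_digest(candidate, dk)


if __name__ == "__main__":
    # A 100-character password and a 20-character one store identically sized records.
    for pw in ("x" * 100, "y" * 20):
        record = hash_password(pw)
        print(len(record), verify_password(pw, record), verify_password(pw + "!", record))
```

With this layout the only reason left to cap password length is the input bound on the fast pre-hash, not the size of the stored column.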
Related Rants
"please use a secure password*"
* But don't make it too secure, 20 characters is enough.
Why would you fucking do this? The only reason I can think about is a scenario like this:
"How do we store the passwords in the database?"
"Just like anything else?"
"So I create a VARCHAR(20)?"
"Yeah why not? It's good enough for a name, and you shouldn't use your or anyone else's name as a password, so it should be perfect"