this post was submitted on 18 Aug 2024
848 points (98.8% liked)
Cybersecurity - Memes
2015 readers
1 users here now
Only the hottest memes in Cybersecurity
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You can also hash it on the client-side, then the server-side network and processing costs are fixed because every password will be transmitted using same number of bytes
You still need to deal with that on the server. The client you build and provide could just truncate the input, but end users can pick their clients so the problem still remains.
The server can just reject any password hash it receives which isn't exactly hash-sized.
That would take care of it, you do nead to salt & hash it again server side ofc.