this post was submitted on 10 Jan 2025
304 points (95.5% liked)

Cybersecurity - Memes

2063 readers
7 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago
MODERATORS
Sam1232188
neurohost
[email protected]
[email protected]
CannaVet
304
I hate passwords (feddit.org)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/cybersecuritymemes
54 comments fedilink hide all child comments
 

How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same pasaword again?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 week ago (1 children)

Ultimately we don't know the implementation. I've seen some bad sites like stealth truncating on the registration form but leaving the login form unbounded so the password you pasted in both times doesn't work.

Separate issue from truncating, I get suspicious when I see passwords capped to 16-20 chars for the reason you gave that they should be stored as fixed length hashes.

[–] kautau 1 points 1 week ago

That’s true, there’s no way to know what sort of back asswards string modifications are happening to the password before it makes it to a hashing function, if it ever does. But the OP did say they told him his previous password was too long, and he was required to change it, so they were either storing it in plaintext, or storing the length of it somewhere. One is really really bad, one is weird, but also bad