top | item 42444499

(no title)

vwkd | 1 year ago

Ah, that's one of those websites that accept a password of any length without error, truncate it, and show you a "wrong password" the next time you try to log in. Then you go through password reset roulette until you find a short enough password that works. Don't do this.

discuss

davedx|1 year ago

Wait wait. Why would you truncate it after input unless... you're storing it in plaintext?

orblivion|1 year ago

Maybe the KDF gets really slow with a super long input.

zja|1 year ago

You truncate passwords to prevent DOS