Holy shit fam

Attached: Untitled.png (751x417, 54K)

>nigger can't remember a 8 character long password
Smh

I’m sure he’s commenting on not being able to have a password longer than 16 characters

"password" is exactly 8 characters

>passwords must contain at least one letter

That's it.
>secure
?JÅ\

>Passwords must be original
>different from username
What are they keeping it all in plaintext?

Why do people even code this? I know the 8 character minimum is from DES and historical NIST rules, but why limit at 16 instead of 72 or something.

They're storing in plaintext and need to save space. It's obvious especially when they ask for a 2^n - 1 length password, you just know someone went
struct User
{
char name[32];
char password[16];
}

Holy shit cringe
Normal websites aren't programmed in C/C++

Entropy of 16 characters of lower case, upper case, digits: 95
Time it takes to break at 1 million operations per second: 1.5e15 years
I'm sure you can manage

None of those requires storing passwords in plaintext.

That doesn't mean it's being stored like that, it just has an intermediary step that's doing that. Every password is truncated at some point.

>Time it takes to break at 1 million operations per second: 1.5e15 years
Oh boy. Why does everyone fall for this shit. I saw even actual cryptographers fall for this "pure math" number bs.
If I know you have 16 char password I can bruteforce in 1ms if it is "aaaaaa...aaa" or wait hundrends of years if it is 'zzz...zzz' and if algo goes on few separate threads one of threads might just start on correct guess.

Attached: 1535349496745.jpg (1200x905, 102K)

Break this randomly generated base64 password passed through md5
2dcef3f1aa0a0c5e54477502b3594446

Attached: Cw2IsVnXAAgkBKd (1).jpg_large.jpg (1369x1183, 215K)

What the fuck

I know next to nothing about cryptography, but how would they know if your username is contained in the password? I can understand if your password and username are the same, but if it just has it in the password there should be no way for them to know right?

are you retarded?

before password hashing (on a normal site)
if (strpos($password, $username) !== false) {
echo 'password is shit sorry';
}

>hacking characters

the password is compared on the site before it's encrypted and sent off. so, it will see if the username is in it before and force you to change it.

>mom found the hacking characters

Attached: 1555509787294.jpg (705x527, 247K)

>(1).jpg_large.jpg
lmao

>probability is bullshit
>can't interpret probability in your own
Jow Forums - Subhumans

outlook.com used to simply ignore all characters beyond the first 16.
So if you had a long password they simply cut the rest off.

holy shit reked

password
>password must contain at least one uppercase letter
Password
>password must contain at least one number
Password1
>password must contain at least one symbol
Password1!
>password: weak, please try again
lrkwajfuhfldksahflaHluhdsufhkldsafaAAAARRGHGH
>password must contain at least one number

base64 is enough for me. I want my passwords to be printable characters not gobbledygook

Even worse, there's some local bank that forces you to use a maximum of 8 characters.

Go do your backend homework.

This can be validated in both client side and server side before hashing.

>That doesn't mean it's being stored like that, it just has an intermediary step that's doing that. Every password is truncated at some point.
no, they are hashed. often max size is whatever the web server is configured to accept for a post request, so like 2 MB

Twitter is being twitter

>mfw I use the hacking characters

Attached: Hacker-Fotolia_74489400_S.jpg (566x849, 85K)

what is that c?
Learn PHP like a normal person

Because they (e.g. Google, Facebook) store your passwords in plain text where they are read by thousands of bored employees with nothing better to do than to browse through all your stuff.