Attached: Untitled.png (751x417, 54K)
Holy shit fam
Jaxson Morgan
Michael Wright
>nigger can't remember a 8 character long password
Smh
Samuel Martin
I’m sure he’s commenting on not being able to have a password longer than 16 characters
Connor Clark
"password" is exactly 8 characters
Logan Jenkins
>passwords must contain at least one letter
Alexander Nelson
That's it.
>secure
?JÅ\
Xavier White
>Passwords must be original
>different from username
What are they keeping it all in plaintext?
Ian Young
Why do people even code this? I know the 8 character minimum is from DES and historical NIST rules, but why limit at 16 instead of 72 or something.
Nathaniel Nguyen
They're storing in plaintext and need to save space. It's obvious especially when they ask for a 2^n - 1 length password, you just know someone went
struct User
{
char name[32];
char password[16];
}
Brandon Jones
Holy shit cringe
Normal websites aren't programmed in C/C++
Entropy of 16 characters of lower case, upper case, digits: 95
Time it takes to break at 1 million operations per second: 1.5e15 years
I'm sure you can manage
Nathaniel Hall
None of those requires storing passwords in plaintext.
Isaac Bell
That doesn't mean it's being stored like that, it just has an intermediary step that's doing that. Every password is truncated at some point.
Charles Bell
>Time it takes to break at 1 million operations per second: 1.5e15 years
Oh boy. Why does everyone fall for this shit. I saw even actual cryptographers fall for this "pure math" number bs.
If I know you have 16 char password I can bruteforce in 1ms if it is "aaaaaa...aaa" or wait hundrends of years if it is 'zzz...zzz' and if algo goes on few separate threads one of threads might just start on correct guess.
Brandon Adams
Tyler Davis
Break this randomly generated base64 password passed through md5
2dcef3f1aa0a0c5e54477502b3594446
Josiah Russell
What the fuck
Samuel Cruz
I know next to nothing about cryptography, but how would they know if your username is contained in the password? I can understand if your password and username are the same, but if it just has it in the password there should be no way for them to know right?
Oliver Lopez
are you retarded?
Brody Reyes
before password hashing (on a normal site)
if (strpos($password, $username) !== false) {
echo 'password is shit sorry';
}
Evan Brooks
>hacking characters
Levi Richardson
the password is compared on the site before it's encrypted and sent off. so, it will see if the username is in it before and force you to change it.
Asher Watson
>mom found the hacking characters
Justin Thompson
>(1).jpg_large.jpg
lmao
Carson Bennett
>probability is bullshit
>can't interpret probability in your own
Jow Forums - Subhumans
Samuel Bailey
outlook.com used to simply ignore all characters beyond the first 16.
So if you had a long password they simply cut the rest off.
Owen Baker
holy shit reked
Noah Smith
password
>password must contain at least one uppercase letter
Password
>password must contain at least one number
Password1
>password must contain at least one symbol
Password1!
>password: weak, please try again
lrkwajfuhfldksahflaHluhdsufhkldsafaAAAARRGHGH
>password must contain at least one number
Gabriel Robinson
base64 is enough for me. I want my passwords to be printable characters not gobbledygook
Christopher Cruz
Even worse, there's some local bank that forces you to use a maximum of 8 characters.
Go do your backend homework.
This can be validated in both client side and server side before hashing.
Adam Gutierrez
>That doesn't mean it's being stored like that, it just has an intermediary step that's doing that. Every password is truncated at some point.
no, they are hashed. often max size is whatever the web server is configured to accept for a post request, so like 2 MB
Cameron Moore
Twitter is being twitter
Ethan Adams
>mfw I use the hacking characters
Jose Myers
what is that c?
Learn PHP like a normal person
Julian Nguyen
Because they (e.g. Google, Facebook) store your passwords in plain text where they are read by thousands of bored employees with nothing better to do than to browse through all your stuff.