this post was submitted on 17 Jul 2023
422 points (88.6% liked)

Programmer Humor

38314 readers

Post funny things about programming here! (Or just rant about your favourite programming language.)

founded 6 years ago
[–] Sonotsugipaa 36 points 2 years ago (28 children)

Infuriating fact: if a service has maximum password length limits (lower than 1000 characters), they're reversibly storing your password and if they're that lazy it's probably plain text

[–] [email protected] 1 point 2 years ago (1 children)

Not necessarily. There is another reason. Password hash functions like PBKDF2 are, by design, slow. Allowing extremely long passwords while using such a hash function creates a denial-of-service vulnerability.

Assuming the hash function takes proportionally more time to compute the hash of a longer password, of course. I believe they do, but I'm not certain.

[–] Sonotsugipaa 1 point 2 years ago

This is why I believe something like a 1000 character limit is reasonable, but a 14 one is not.
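Added example (not code from the thread or from any service it mentions): a length cap applied before a deliberately slow KDF, as the two replies above discuss, while storing only a salted one-way PBKDF2-HMAC hash. The cap value (1000 characters, the figure from the thread), the iteration count, the storage string format and the benchmark lengths are illustrative assumptions; `kdf_seconds` lets you test the "cost grows with length" assumption on your own runtime rather than take it on faith.

```python
"""Length cap in front of a slow KDF, with salted one-way storage.

Added example, not from the thread. MAX_PASSWORD_LEN, PBKDF2_ITERATIONS and the
stored-string format are assumed policy choices, not any particular service's.
"""
import hashlib
import hmac
import os
import time

MAX_PASSWORD_LEN = 1000      # assumed cap: bounds attacker-controlled input to the KDF
PBKDF2_ITERATIONS = 600_000  # assumed work factor for real storage
SALT_LEN = 16                # bytes of random salt per password


def check_length(password: str) -> bool:
    """True if the password is within the cap (measured in characters)."""
    return len(password) <= MAX_PASSWORD_LEN


def hash_password(password: str, salt: bytes = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Derive a salted PBKDF2-HMAC-SHA256 hash; only this string is stored.

    The output is fixed-size whatever the input length, so the cap is a
    cost-control decision, not a storage one.
    """
    if not check_length(password):
        raise ValueError("password exceeds MAX_PASSWORD_LEN")
    if salt is None:
        salt = os.urandom(SALT_LEN)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a candidate against a stored hash.

    Oversized input is rejected before the KDF runs, so an attacker cannot
    make the server spend KDF time on a multi-megabyte "password".
    """
    if not check_length(password):
        return False
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def kdf_seconds(password_len: int, iterations: int = 20_000) -> float:
    """Wall-clock cost of one PBKDF2 run for a password of the given length.

    Deliberately bypasses the cap so you can measure what an uncapped service
    would pay; the result depends on your hashlib/OpenSSL build.
    """
    pw = b"a" * password_len          # constructed input, not a real password
    salt = b"\x00" * SALT_LEN
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print(verify_password("correct horse battery staple", stored))
    for n in (8, 1000, 100_000):
        print(f"{n:>7} chars: {kdf_seconds(n):.4f}s")
```

Run the script and compare the three timings: if the 100,000-character run costs about the same as the 8-character one, your PBKDF2 implementation pre-hashes long keys once per derivation and the cap is mostly defence in depth; if it costs markedly more, the cap is what keeps a flood of huge passwords from becoming a denial of service.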
