troed

joined 2 years ago
[–] [email protected] 1 points 1 month ago

I can see this work as a cab service. Pick me up at home and drop me off at my destination hotel/office. Within a single country this will shorten travel time enormously and for those paid enough by the hour that might come out to be cheaper than wasting time on travel.

[–] [email protected] 34 points 1 month ago (1 children)

but ... but ... everyone knows 'to 86' someone means to KILL THEM!!!!1

a bit harsh

[–] [email protected] 11 points 1 month ago (1 children)

Yeah, I mean, are we sure he's really born in the USA?

[–] [email protected] 42 points 1 month ago (1 children)

oh wow that really put the trust back into Ventoy. Nice! Thanks for the link

[–] [email protected] 1 points 1 month ago

Agree, I was just commenting on why 255 in itself isn't "weird". I find myself doing comparisons of the "value == variable" type even in languages where you cannot assign by mistake. Some of us old farts code from muscle memory ... :)

[–] [email protected] 2 points 1 month ago (2 children)

> a limit of 255 characters. Why not 256? Why such a weird number in general?

255 chars + '\0' = 256

Not weird at all.

[–] [email protected] 10 points 1 month ago

No, it most definitely does not need to be private. The idea with salt is to invalidate rainbow tables. If you're "keeping it private" it's just another password.

> The salt and the password (or its version after key stretching) are concatenated and fed to a cryptographic hash function, and the output hash value is then stored with the salt in a database. The salt does not need to be encrypted, because knowing the salt would not help the attacker.

https://en.wikipedia.org/wiki/Salt_(cryptography)

[–] [email protected] 6 points 1 month ago

Sure, but when we talk about the computation then the number of rounds is by far the more important factor compared to password length.

The discussion is about whether 24 characters indicate cleartext though - not whether password lengths should be in the gigabytes.

[–] [email protected] 13 points 1 month ago

That's the same as "cleartext" for someone who works in security though, since that means anyone with the private key can decrypt the password.

[–] [email protected] 5 points 1 month ago (3 children)

While I'm not arguing for doing the crypto client side, the salt doesn't need to be private - only unique.
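The two salt comments above (salt stored next to the hash, unique rather than private), as an added example that is not part of the original thread: each record keeps its salt in the clear, and two users with the same password still get different hashes that a table computed in advance over unsalted values cannot match. PBKDF2-HMAC-SHA256, the iteration count, the record layout and the sample passwords are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Build the record stored per user. Salt and hash sit side by side."""
    if salt is None:
        salt = secrets.token_bytes(16)  # unique per record, not secret
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def unsalted_sha256(password: str) -> str:
    """Weak baseline: the same password always yields the same stored value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def demo() -> dict:
    pw = "correct horse battery staple"  # constructed sample password
    alice, bob = hash_password(pw), hash_password(pw)  # two users, same password
    # A table computed once, in advance, over candidate passwords (unsalted).
    table = {unsalted_sha256(p): p for p in ("123456", pw)}
    long_record = hash_password("x" * 5000)  # stored size does not depend on input length
    return {
        "unsalted_in_table": unsalted_sha256(pw) in table,
        "salted_records_differ": alice["hash"] != bob["hash"],
        "salted_in_table": alice["hash"] in table or bob["hash"] in table,
        "verifies_with_public_salt": verify_password(pw, alice),
        "wrong_password_rejected": not verify_password(pw + "!", alice),
        "hash_hex_len": (len(alice["hash"]), len(long_record["hash"])),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last entry shows why a short maximum password length is not needed for storage: a 28-character and a 5000-character password both produce a 64-hex-character hash.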

[–] [email protected] 3 points 1 month ago (1 children)

It does.

/80's hacker turned Software Engineer turned Cybersecurity professional

[–] [email protected] 4 points 1 month ago (3 children)

Don't worry, I'm autistic myself and understand how difficult it can be to parse "it's thus irrelevant how many characters the user's password consists of" to mean something besides "all implementations must accept an unlimited amount of characters".

I do believe the point was understood by the general reader however.
