this post was submitted on 28 Sep 2023
317 points (75.4% liked)

Larian Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

[–] [email protected] 49 points 1 year ago (13 children)

You can also tell if a site does this when they have seemingly arbitrary restrictions on passwords that are actually database text field restrictions.

Especially if they have a maximum password length. The maximum password length should be just the maximum length the server will accept, because it should be hashed to a constant length before going into the database.

[–] [email protected] 3 points 1 year ago (1 children)

> Especially if they have a maximum password length.

Not really, there are good reasons to limit password length. Like not wanting to waste compute time hashing huge passwords sent by a malicious actor. Or using bcrypt for your hashes, which has a 72 byte input limit and was considered the best option not that long ago. The limit just has to be reasonable; 72 lowercase letters is more entropy than the bcrypt hash you get out of it, for example.

[–] [email protected] 2 points 1 year ago

Yes, reasonable limits are fine, I was talking more like 12 or 13 characters max. That's probably indicative of a database field limit, and I've seen that a fair amount because my password manager defaults to 14 characters.
