Larian Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

  • exal@lemmy.ca
    1 year ago

    Especially if they have a maximum password length.

    Not really, there are good reasons to limit password length. Like not wanting to waste compute time hashing huge passwords sent by a malicious actor. Or using bcrypt for your hashes, which has a 72-byte input limit and was considered the best option not that long ago. The limit just has to be reasonable; 72 lowercase letters is more entropy than the bcrypt hash you get out of it, for example.

    • hperrin@lemmy.world
      1 year ago

      Yes, reasonable limits are fine, I was talking more like 12 or 13 characters max. That’s probably indicative of a database field limit, and I’ve seen that a fair amount because my password manager defaults to 14 characters.
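
The 72-byte bcrypt limit discussed in the thread, as an added example that is not part of any comment above: a length check that counts UTF-8 bytes rather than characters and rejects over-long input instead of truncating it. The 12-character floor, the function names and the sample passwords are assumptions made for illustration.

```python
import math

BCRYPT_MAX_BYTES = 72   # bcrypt input limit cited in the thread
BCRYPT_HASH_BITS = 184  # bcrypt's stored digest is 23 bytes
MIN_CHARS = 12          # assumed policy floor, not from the thread


def uniform_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password drawn uniformly at random from an alphabet."""
    return length * math.log2(alphabet_size)


def bcrypt_effective_input(password: str) -> bytes:
    """Bytes that survive if an implementation truncates at 72 bytes."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def collide_under_truncation(a: str, b: str) -> bool:
    """True when two different passwords look the same after truncation."""
    return a != b and bcrypt_effective_input(a) == bcrypt_effective_input(b)


def validate(password: str) -> tuple[bool, str]:
    """Enforce the limit in bytes and reject rather than truncate."""
    n_bytes = len(password.encode("utf-8"))
    if len(password) < MIN_CHARS:
        return False, f"shorter than {MIN_CHARS} characters"
    if n_bytes > BCRYPT_MAX_BYTES:
        return False, f"{n_bytes} bytes exceeds the {BCRYPT_MAX_BYTES}-byte limit"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs; "é" is 2 bytes in UTF-8, so 40 of them is 80 bytes.
    for pw in ["a" * 72, "a" * 73, "é" * 40, "hunter2"]:
        print(len(pw), "chars ->", validate(pw))
    print(collide_under_truncation("a" * 72 + "X", "a" * 72 + "Y"))
    print(round(uniform_entropy_bits(72, 26), 1), "bits vs", BCRYPT_HASH_BITS)
```

A 13-character cap over the 94 printable ASCII characters tops out at about 85 bits, well under the 184-bit digest, while 72 random lowercase letters carry about 338 bits.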