Thread replies: 26
Thread images: 5
Thread images: 5
File: Cu1LmZFXEAE-xsH.jpg-large.jpg (6KB, 428x154px) Image search:
[Google]
6KB, 428x154px
Dear god
>>
>>57140052
site?
>>
>>57140073
this
what the fuck
>>
why would you even tell the user
GG you just gave script kiddies a password library
>>
>>57140052
Still better than other sites I've encountered
>your password must contain a lowercase letter, an uppercase letter, a number, a special character (+-*& only), no dictionary words, a space, the blood of your firstborn child, and must be between 6 and 7 characters long
>>
>>57140073
>>57140092
No clue, but I know this was posted on the software gore subreddit a few days ago. They found it but the comments were deleted because rules.
>>
File: 1458639864340.jpg (17KB, 316x239px) Image search:
[Google]
17KB, 316x239px
>your password can't be longer than 14 characters
>>
>>57140104
I don't see the issue.
>>
File: 14629405219.jpg (38KB, 236x272px) Image search:
[Google]
38KB, 236x272px
>>57140052
>please input all your passwords here, we just wanna check if someone else uses the same
>for your security of course
kek
>>
>>57140175
Easy to crack passwords for the site. You know that every password on the site has at least one of each of the given criteria and is either 6 or 7 characters, it really narrows shit down.
>>
>>57140190
Oh yeah didn't read the "between 6 and 7 chars long". That's pretty stupid.
>>
File: 7381622.jpg (21KB, 620x400px) Image search:
[Google]
21KB, 620x400px
>password must be less than x characters
>>
>>57140204
10 is enough though.
>>
>>57140326
16 or more characters should be necessary
>>
>>57140334
In a decade even 16 wont be enough
Every password setup must have timeouts after 3 failed attempts at the very least
>>
>>57140204
Is there literally any reason for this? I don't think any relevant hashing algorithm from the past 10 years cares how large the input is. Are they even hashing their passwords if they do this?
>>
>>57140363
>Every password setup must have timeouts after 3 failed attempts at the very least
That's not how compromised hashes work.
>>
>tfw your bank limits your password to five characters and only numerals are allowed
Like what the actual fuck. My Reddit account has a stronger password than my online bank account.
>>
>>57140455
>admitting to having a reddit account
That's pretty bad though, do they at least have some kind of protection against brute forcing?
>>
>password is too similar to the previous password
How the fuck would it even know that?
>>
>>57140092
>>57140052
You can do this with hashes as well dipshits
Not that it's a smart idea to do so.
>>
>>57140907
Jesus christ you're proud of being a complete retard
>>
>>57140907
No salt though.
Well at least it prevents more than one dipshit from picking 'password' or '123456'.
>>
File: ZBc98rW.png (1MB, 930x792px) Image search:
[Google]
1MB, 930x792px
>>57141031
>>57140907
Can't forget the salt now, can we?
>>
>>57140368
Some exec probably decided to limit password size to save money on disk space.
>>
>>57141298
The point is, you're not supposed to save the passwords in plain text. You're supposed to save hashes, which always have the same length. So a maximum length for passwords is a pretty strong indicator that something's very very fucked.
Thread posts: 26
Thread images: 5
Thread images: 5