Games

32463 readers

1068 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

Submissions have to be related to games
No bigotry or harassment, be civil
No excessive self-promotion
Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
Mark Spoilers and NSFW
No linking to piracy

More information about the community rules can be found here.

founded 1 year ago

MODERATORS

[email protected]

323

Larion Studios forum stores your passwords in unhashed plaintext. (lemmy.world)

submitted 1 year ago by [email protected] to c/[email protected]

217 comments fedilink hide all child comments

Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 3 points 1 year ago (1 children)

Especially if they have a maximum password length.

Not really, there are good reasons to limit password length. Like not wanting to waste compute time hashing huge passwords sent by a malicious actor. Or using bcrypt for your hashes, which has a 72 byte input limit and was considered the best option not that long ago. The limit just has to be reasonable; 72 lowercase letters is more entropy then the bcrypt hash you get out of it, for example.

[–] [email protected] 2 points 1 year ago

Yes, reasonable limits are fine, I was talking more like 12 or 13 characters max. That's probably indicative of a database field limit, and I've seen that a fair amount because my password manager defaults to 14 characters.