this post was submitted on 13 Jun 2023
1 points (100.0% liked)

Mlem for Lemmy

5525 readers
6 users here now

Official community for Mlem, a free and open-source iOS Lemmy client.

Rules

  1. Keep it civil.
  2. This is a forum for discussion about Mlem. We welcome a degree of general chatter, but anything not related to Mlem may be removed at moderator discretion. This is not a forum for iPhone/Android debate. Posts and comments saying nothing but "iOS bad/I use Android" will be removed as off-topic.
  3. We welcome constructive criticism, but ask that it be both precise and polite.

FAQ

Download Mlem for iOS

GitHub

Website

Donate to Mlem

founded 2 years ago
MODERATORS
 

I have been trying for days to log in. No matter what I do, I keep getting could not connect to [server]. I tried for days and it didn't work.

Then I realized. I have a password manager installed, and I let it pick its longest password length (100 characters). I reduced it to 32 characters, and my login immediately worked.

Lemmy itself supports huge passwords, but it seems as if mlem does not. I do not know how long your password can be before mlem pukes on its own shoes, but it's somewhere between 32-100 haha.

top 3 comments
sorted by: hot top controversial new old
[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

The web UI trims passwords to 60 characters. I assume Mlem doesn’t and the API doesn’t either or just flat out rejects the request if the password is too long.

[–] [email protected] 0 points 1 year ago (1 children)

Wow, trimming passwords without telling the password owner is a terrifying behavior.

Also, having a password limit at less than 256 chars is silly in the modern world of password managers, and even 256 is a completely arbitrary limit i pulled out of my ass.

Why does the lemmy platform require short passwords, i wonder? nobody with any sense of modern, or even out-dated decades ago, sense of security stores passwords raw anymore, and hasn’t forever because it was recognized as a terrible idea and a bad pattern decades ago.

[–] [email protected] 1 points 1 year ago

I mean there needs to be a limit, because hashing a password is, by design, resource intensive. Also, Lemmy uses bcrypt for password hashing which supports up to 72 bytes, so the limit can't be any higher than that. It should probably be indicated somewhere though, I agree. I was also caught off guard by it but realistically 60 characters is more than enough... it's more entropy than the hash you get out of it, if it's random.