this post was submitted on 10 Jan 2025
22 points (95.8% liked)

I hate passwords (feddit.org)
submitted 7 months ago* (last edited 7 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world
 

How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same password again?

[–] kautau@lemmy.world 1 points 7 months ago* (last edited 7 months ago)

Not how password hashing works. Demonstrated with sha256:

hunter2butitsreallylong:
a9953dfbfec699349341edc857dcfe5c7a617c81f312cf57297d5b852881bab3

hunter2:
f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7

A hash algorithm encompasses all provided data and returns a single fixed-length data response.

https://en.wikipedia.org/wiki/Cryptographic_hash_function

Any change, even just removing a few characters, drastically changes the output of the hash function (https://en.wikipedia.org/wiki/Avalanche_effect).

You have no way of knowing a user password when you are storing hashes, you can't truncate them, and the user password length doesn't matter (up to a certain point where it's technologically dumb to hash user input over a certain amount of data)

I do agree, however, that changing / randomizing your password is important, as someone brute-forcing or running rainbow tables etc. on a hash dump can quickly attack a common password across different dumps.
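An added example, not part of the comment above or of the thread: a Python sketch of the points made there (fixed-length output, the avalanche effect, and a "cannot reuse the same password" check done purely on stored hashes). It goes one step beyond the comment's plain SHA-256 by storing salted PBKDF2 records, which is what defeats rainbow tables; the function names, the iteration count and the history scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this demo; tune for real hardware


def sha256_hex(text: str) -> str:
    """Plain SHA-256, as in the comment: always 64 hex characters."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def differing_bits(a: str, b: str) -> int:
    """Avalanche effect: count digest bits that differ between two inputs."""
    da = hashlib.sha256(a.encode("utf-8")).digest()
    db = hashlib.sha256(b.encode("utf-8")).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def make_record(password: str) -> tuple[bytes, bytes]:
    """Store (salt, derived key). The password itself is never kept."""
    salt = os.urandom(16)  # per-record salt: equal passwords get unequal hashes
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def matches(password: str, record: tuple[bytes, bytes]) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    salt, stored = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(key, stored)


def is_reused(candidate: str, history: list[tuple[bytes, bytes]]) -> bool:
    """Password-history check: works on hashes only, no plaintext needed."""
    return any(matches(candidate, record) for record in history)


if __name__ == "__main__":
    long_pw, short_pw = "hunter2butitsreallylong", "hunter2"  # constructed samples
    print(len(sha256_hex(long_pw)), len(sha256_hex(short_pw)))  # same length
    print(differing_bits(long_pw, short_pw), "of 256 bits differ")
    history = [make_record(long_pw)]
    print("reuse of full password detected:", is_reused(long_pw, history))
    print("truncated password matches:", is_reused(short_pw, history))
```

The history check only succeeds when the submitted password is byte-for-byte the old one, so a site that truncates or transforms input on one path but not the other will produce exactly the kind of inconsistency the post describes.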