Comment on Larion Studios forum stores your passwords in unhashed plaintext.

<- View Parent
exal@lemmy.ca ⁨1⁩ ⁨year⁩ ago

Especially if they have a maximum password length.

Not really, there are good reasons to limit password length. Like not wanting to waste compute time hashing huge passwords sent by a malicious actor. Or using bcrypt for your hashes, which has a 72 byte input limit and was considered the best option not that long ago. The limit just has to be reasonable; 72 lowercase letters is more entropy then the bcrypt hash you get out of it, for example.

source
Sort:hotnewtop