Just take the string as bytes and hash it ffs

  • @Eiri
    link
    English
    544 months ago

    You remind me of my bank about 17 years ago. Everyone had to have a 10-character password, exactly, and it had to include exactly 2 numbers and 1 symbol. I wasn’t very knowledgeable about computers at the time and it already felt dumb.

    • @Wogi
      link
      English
      364 months ago

      A few years ago my ISP pushed an update to my router that changed the password requirements, invalidating my passwords. Because I couldn’t enter the old password I also couldn’t change the password. I had to do a factory reset.

      • JackbyDev
        link
        fedilink
        English
        204 months ago

        Feels odd to check the password requirements on the enter password screen in addition to the new password screen.

        • @[email protected]
          link
          fedilink
          English
          34 months ago

          Might be checking the old password on the new password screen. Easy programming mistake to make I guess? Apply the same validation to all 3 password fields…

          • JackbyDev
            link
            fedilink
            English
            24 months ago

            Ahhh, good catch! You are probably a master of code reviews and QA!

      • @Eiri
        link
        English
        54 months ago

        Wow that’s a big oops

      • @Glitterbomb
        link
        English
        24 months ago

        ISP worker here. Our chosen routers default to an 8 digit password, the first 4 are the last 4 of the mac in hex, which anyone can easily see being broadcast by the wifi network. The last 4 are a part of a unique serial number, but its just 0-9. Ultimately, if you try to brute force this default password, you need 10000 tries. It takes a regular GPU 2 minutes with hashcat. It baffles my mind that companies think this is OK.

    • @[email protected]
      link
      fedilink
      English
      154 months ago

      17 years ago, jeez. My credit Union’s website is like that. Only its between 8-12 characters. No more, no less.

      It’s terrifying.

    • @[email protected]
      link
      fedilink
      English
      114 months ago

      At that time my bank allowed up to 6 digits as a password. I kid you not, like a card PIN but for online banking login. I believe the whole banking security relies on their backoffices still running on paper.

      • @Eiri
        link
        English
        44 months ago

        That’s what my current bank uses for the web portal now to think of it. Client number, and 6-number PIN. I guess they’re only doing this because they really trust their “unusual activity” protocols, but I’ve got a feeling they really shouldn’t only rely on those.