Just take the string as bytes and hash it ffs

  • @[email protected]
    link
    fedilink
    English
    12 months ago

    You were saying the input size doesn’t matter because you only store the hash which is always the same size. What I’m saying is that the input size really does matter.

    You absolutely should set upper limits on all input fields because it will be abused if you don’t. Systems should validate their inputs, passwords included

    • Saik0
      link
      fedilink
      English
      12 months ago

      And I showed you a way that we can make it so it doesn’t matter.

      Force local hash -> Hash/salt what you get. Password can be a million characters long. You’ll only ever get like 128 characters.

      Nothing I talked about said to not validate inputs. Just that we don’t have to limit a persons password selection.