Title text: My password is just every Unicode codepoint concatenated into a single UTF-8 string.


Transcript

[Cueball carries an open laptop over to Ponytail, holding it in both hands. The screen shows a box filling the screen with some text on lines. Ponytail is sitting in an office chair with her laptop at her desk. She has turned her head away from the computer looking at Cueball’s screen.]

Cueball: Can you help me with my account?
Ponytail: Oh no.

[Cueball holds his laptop up in front of Ponytail who has turned the chair so she faces him, with her hands in her lap. Her table is not drawn.]

Cueball: No no, I promise it’s a normal problem this time.
Ponytail: Okay. Fine. What is it?

[Cueball holds both hands out palm up towards Ponytail who is sitting with his laptop in her lap typing on it.]

Cueball: I included a null string terminator as part of my password, and now I can’t-
Ponytail: How?!
Cueball: They said to use special characters!


    • JakyllaOP
      link
      fedilink
      English
      61 year ago

      “This wouldn’t take spaces or periods” … and doesn’t know itself

      = Potential security flaw discovered

  • palordrolap
    link
    fedilink
    61 year ago

    Heh. I remember at one place, my password wasn’t liked very much by the account creation script the sysadmin wrote. The password started with a dollar sign and I think that was being inadvertently parsed as a $variable somewhere.

    Thinking about it, I have to wonder what would have happened if the password started and ended with backticks. Bobby Tables moment?

    (The thought also occurs now that he might have been siphoning off the passwords something, but even though some of my generation (and moreso previous generations) are known for using the same password for everything, this was in the days before the Web really took off, so most people would have only had one place where they used a password: that system.

    The system wasn’t encrypted, and being the sysadmin, he had access to everything and to change passwords anyway, so keeping plaintext passwords would have been a pointless endeavour.)