822
submitted 5 months ago* (last edited 5 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

you are viewing a single comment's thread
view the rest of the comments
[-] faltryka@lemmy.world 139 points 5 months ago

This is my biggest pet peeve. Password policies are largely mired in inaccurate conventional wisdom, even though we have good guidance docs from NIST on this.

Frustrating poor policy configs aside, this max length is a huge red flag, basically they are admitting that they store your password in plan text and aren’t hashing like they should be.

If a company tells you your password has a maximum length, they are untrustable with anything important.

[-] cron@feddit.org 82 points 5 months ago

Oh I had the same thought. Whoever limits password length probably has many other shitty security practices.

[-] slazer2au@lemmy.world 30 points 5 months ago

If a company tells you your password has a maximum length, they are untrustable with anything important.

Lemmy-UI has a password limit of 60 characters. Does that make it untrustworthy?

[-] cron@feddit.org 54 points 5 months ago

OWASP recommendation is to allow 64 chars at least:

Maximum password length should be at least 64 characters to allow passphrases (NIST SP800-63B). Note that certain implementations of hashing algorithms may cause long password denial of service.

The lemmy-UI limit is reasonably close and as everything is open source, we can verifiy that it does hash the password before storing it in the database.

There is a github issue, too.

[-] faltryka@lemmy.world 15 points 5 months ago

It being open source helps because we can confirm it’s not being mishandled, but it’s generally arbitrary to enforce password max lengths beyond avoiding malicious bandwidth or compute usage in extreme cases.

[-] unmagical@lemmy.ml 20 points 5 months ago

If a company tells you your password has a maximumn length, they are untrustable with anything important.

I would add if they require a short "maximum length." There's no reason to allow someone to use the entirety of Moby Dick as their password, so a reasonable limit can be set. That's not 16 characters, but you probably don't need to accept more than 1024 anyway.

[-] Valmond@lemmy.world 6 points 5 months ago

Why not? You're hashing it anyways, right?

Right?!

[-] phcorcoran@lemmy.world 12 points 5 months ago

Sure but if my password is the entire lord of the rings trilogy as a string, hashing that would consume some resources

[-] Valmond@lemmy.world 3 points 5 months ago

I think there are other problems before that 😂

[-] unmagical@lemmy.ml 5 points 5 months ago

Of course, but if you're paying for network and processing costs you might as well cap it at something secure and reasonable. No sense in leaving that unbounded when there's no benefit over a lengthy cap and there are potentially drawbacks from someone seeing if they can use the entirety of Wikipedia as their password.

[-] DaPorkchop_@lemmy.ml 2 points 5 months ago

You can also hash it on the client-side, then the server-side network and processing costs are fixed because every password will be transmitted using same number of bytes

[-] Valmond@lemmy.world 2 points 5 months ago

That would take care of it, you do nead to salt & hash it again server side ofc.

[-] unmagical@lemmy.ml 2 points 5 months ago

You still need to deal with that on the server. The client you build and provide could just truncate the input, but end users can pick their clients so the problem still remains.

[-] DaPorkchop_@lemmy.ml 2 points 5 months ago

The server can just reject any password hash it receives which isn't exactly hash-sized.

[-] frezik@midwest.social 2 points 5 months ago

Bcrypt and scrypt functionally truncate it to 72 chars.

There's bandwidth and ram reasons to put some kind of upper limit. 1024 is already kinda silly.

[-] Revan343@lemmy.ca 1 points 5 months ago

you probably don't need to accept more than 1024 anyway.

OWASP recommends allowing at least 64 characters. That would cover all of my passphrases, including the ones that are entire sentences

[-] AA5B@lemmy.world 1 points 5 months ago

I wonder if a lot of it is someone using their personal experience and saying “just a little bigger ought to cover it”

When I used my own passwords, I rarely used more than 12 characters, so that should be enough

All the password generators I’ve used default to about 24 chars, so 30 ought to be enough for anyone

[-] clearedtoland@lemmy.world 14 points 5 months ago

The number of government websites that I’ve encountered with this “limitation.” Even more frustrating when it’s not described upfront in the parameters or just results in an uncaught error that reloads the page with no error message.

[-] DarkDarkHouse@lemmy.sdf.org 2 points 5 months ago* (last edited 5 months ago)

Or accepts and silently truncates it 🤬

[-] chameleon@fedia.io 10 points 5 months ago

bcrypt has a maximum password length of 56 to 72 bytes and while it's not today's preferred algo for new stuff, it's still completely fine and widely used.

[-] DaPorkchop_@lemmy.ml 2 points 5 months ago

Wait, really? I always thought bcrypt was just a general-purpose hash algorithm, never realized that it had an upper data size limit like that.

[-] MotoAsh@lemmy.world 4 points 5 months ago* (last edited 5 months ago)

"If a company tells you your password has a maximum length..."

Uhhh no. Not at all. What so ever. Period. Many have a limit for technical reasons because hashing passwords expands their character count greatly. Many websites store their passwords in specific database columns that themselves have a limit that the hashing algorithm quickly expands passwords out to.

If you plan your DB schema with a column limit in mind for fast processing, some limits produce effectively shorter password limits than you might expect. EVERYONE has column limits at least to prevent attacks via huge passwords, so a limit on a password can be a good sign they're doing things correctly and aren't going to be DDOS'd via login calls that can easily crush CPUs of nonspecialized servers.

[-] wer2@lemm.ee 16 points 5 months ago

It doesn't matter the input size, it hashes down to the same length. It does increase the CPU time, but not the storage space. If the hashing is done on the client side (pre-transmission), then the server has no extra cost.

For example, the hash of a Linux ISO isn't 10 pages long. If you SHA-256 something, it always results in 256 bits of output.

On the other hand, base 64-ing something does get longer as the input grows.

[-] redxef@scribe.disroot.org 3 points 5 months ago

Hashing on the client side is as secure as not hashing at all, an attacker can just send the hashes, since they control the client code.

[-] DaPorkchop_@lemmy.ml 4 points 5 months ago

Then you can salt+hash it again on the server.

[-] wer2@lemm.ee 3 points 5 months ago

Hashing is more about obscuring the password if the database gets compromised. I guess they could send 2^256 or 2^512 passwords guesses, but at that point you probably have bigger issues.

[-] redxef@scribe.disroot.org 2 points 5 months ago* (last edited 5 months ago)

It's more about when a database gets leaked. They then don't even have to put in the effort of trying to match hashes to passwords. And that's what hashing a password protects against, when done correctly.

[-] frezik@midwest.social 7 points 5 months ago

Just in case someone runs across this and doesn't notice the downvotes, the parent post is full of inaccuracies and bad assumptions. Don't base anything on it.

[-] Sluyter548@lemmy.world 6 points 5 months ago

Can you not simply have a hashing algorithm that results in a fixed length hash?

[-] frezik@midwest.social 8 points 5 months ago

That would be all of them, yes.

[-] explodicle@sh.itjust.works 1 points 5 months ago

Why not just store the first X characters of the hashed password?

[-] frezik@midwest.social 1 points 5 months ago* (last edited 5 months ago)

The hash isn't at all secure when you do that, but don't worry too much about it. GP's thinking about how things work is laughably bad and can't be buried in enough downvotes.

[-] explodicle@sh.itjust.works 1 points 5 months ago

Where can I read more about how it's not secure?

[-] frezik@midwest.social 3 points 5 months ago* (last edited 5 months ago)

The Wikipedia article is probably a good place to start: https://en.wikipedia.org/wiki/Cryptographic_hash_function

Though I'd say this isn't something you read directly, but rather understand by going through cryptographic security as a whole.

To keep it short, cryptographic hashes make a few guarantees. A single bit change in the input will cause a drastic change in the output. Due to the birthday problem, the length needs to be double the length of a block cipher key to provide equivalent security. And a few others. When you chop it down, you potentially undermine all the security guarantees that academics worked very hard to analyze.

Even a small change would require going to a lot of work to make sure you didn't break something. And when you've read up on cryptography in general and understand it, this tends to be an automatic reflex.

None of which really matters. GP's big assumption is that the hash size grows with input size, which is not true. Hash size stays fixed no matter the input.

[-] primrosepathspeedrun@lemmy.world 2 points 5 months ago

also, if they think a strong password is only about types of characters. a dozen words from as many languages and 5+alphabets is just as good!

its to the point I don't bother remembering my passwords anymore, because this bullshit makes user-memorable-hard-to-machine-guess passwords impossible.

[-] Reverendender@sh.itjust.works 1 points 5 months ago

I am now very concerned about a certain medical implant device company

this post was submitted on 18 Aug 2024
822 points (100.0% liked)

Cybersecurity - Memes

2095 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 2 years ago
MODERATORS