In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)

Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.

  • Sonotsugipaa@lemmy.dbzer0.comEnglish
    31·
    3 days ago

    Plaintext password (693 chars):
    “hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2hunter2”

    Clientside SHA-512 hash (64 bytes):
    7399ed78effda820b2187bc70f0549dd67f6846c595f944d198a1f1136cd0ab91119d6f208a34b4419e969b9ffb326d3786cecb90828f0ab36a5e3835558740c

    — Client sends 64 bytes to the server —

    Serverside SHA-512 hash (64 bytes):
    25293199e10af10e8a20f4ab38abccd2cdccd762d8cba2ed4871a2aea8fe6d9ffcc54cfe1c9cbd03245bfd2f0ee1039f06083b7bcbefd91b7fcbba182d588983

    At no point the server has to deal with the length of the plaintext