this post was submitted on 28 Feb 2024
990 points (97.1% liked)

Memes


(skeletor is leading by example by adding that unnecessary apostrophe...)

[–] tool@lemmy.world 5 points 10 months ago

While on the topic, this isn't how passwords work in systems.

Passwords are stored as one-way hashes. So it's cryptoed only in one direction, it's lossy, and can't be recovered back to the original password.

When you log on, your cleartext PW is hashed in ephemeral memory/storage and then the cleartext password is thrown away.

That hash is compared to the hash in the DB. If the hash matches, then you have access. If it doesn't, then your PW is incorrect.

Oh my sweet Summer Child. This is definitely how it's supposed to work, but there are plenty of services that just don't know what the fuck they're doing.

Have you ever been on a site that has a stupid-low character limit for a password? There's literally no reason to do that, all the hashes are going to end up the same size in the DB anyway regardless of the original string length. Even bcrypt's max secret character limit is 70-something characters.

Ever change a password and have it not work on the next login because they're silently truncating it after a certain character limit? Ever get an email with an actual password in it?

The only reason you would do things like this is if you're storing/processing passwords in plaintext and not hashing it client-side first.

I can think of 3 offenders of this off the top of my head. It's a lot more common than you'd think.
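
Added example, not part of the comment above or of any site's code: the hash-and-compare login flow described in this thread, next to a flawed variant that silently truncates the password at signup. The choice of PBKDF2-HMAC-SHA256, the `ITERATIONS` and `MAX_LEN` values, the function names and every password are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumption: kept low so the example runs fast; tune upward in production
SALT_LEN = 16         # bytes of random salt stored in front of the digest
MAX_LEN = 8           # hypothetical character limit used by the flawed variant


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Return salt || PBKDF2-HMAC-SHA256 digest; the cleartext is never stored."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt + digest


def verify_password(password: str, record: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def hash_password_truncating(password: str) -> bytes:
    """Flawed signup path: silently drops everything after MAX_LEN characters."""
    return hash_password(password[:MAX_LEN])


def demo() -> dict:
    short = hash_password("hunter2")                            # constructed sample
    long_ = hash_password("correct horse battery staple " * 10)  # 290 characters
    truncated = hash_password_truncating("Tr0ub4dor&3-original")
    return {
        # stored record is the same size whatever the password length
        "record_sizes": (len(short), len(long_)),
        "right_password": verify_password("hunter2", short),
        "wrong_password": verify_password("hunter3", short),
        # signup truncated but login did not: the real password stops working
        "full_vs_truncated": verify_password("Tr0ub4dor&3-original", truncated),
        # any password sharing the first MAX_LEN characters is accepted
        "prefix_accepted": verify_password("Tr0ub4do", truncated),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
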