Explore >> Select a destination
|
You are here 
|
dusted.codes | ||
| | | | |
pboyd.io
|
|
| | | | | Here's a fun list to look through: Dumb Password Rules. Most of the rules seem arbitrary, like only allowing digits, but some hint at deeper problems. For instance, preventing single-quotes. They aren't inserting passwords into a database without a SQL placeholder, right? Nearly every site on that list has a needlessly short maximum password size. If they're storing passwords correctly, there's no need for this. This post will go through a few bad ways to store a password and you can see what I mean.... | |
| | | | |
defuse.ca
|
|
| | | | | ||
| | | | |
www.sjoerdlangkemper.nl
|
|
| | | | | ASVS states that passwords should be at most 128 characters. This originates from the idea that longer passwords take longer to hash, which can lead to a denial of service when an attacker performs login attempts with very long passwords. However, this is not generally true. With a proper hash function, longer passwords do not take a significantly longer time to hash. | |
| | | | |
blog.ikuamike.io
|
|
| | | |||
