Just take the string as bytes and hash it ffs

  • Saik0@lemmy.saik0.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    And a meteor can hit my server the exact time you send your hash which will DOS you/others as well. What’s your point.

    The thread is talking about what it takes to store passwords. There is not DOS potential in a well designed system. Just because you want to arbitrarily conjure up bullshit doesn’t make that any less true.

    Rejecting large inputs != disallowing users to have large passwords. Why are you attempting to straw-man me here?

    • blackstrat@lemmy.fwgx.uk
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      You were saying the input size doesn’t matter because you only store the hash which is always the same size. What I’m saying is that the input size really does matter.

      You absolutely should set upper limits on all input fields because it will be abused if you don’t. Systems should validate their inputs, passwords included