

a limit of 255 characters. Why not 256? Why such a weird number in general?
255 chars + ‘\0’ = 256
Not weird at all.
HW/FW security researcher & Demoscene elder.
I started having arguments online back on Fidonet and Usenet. I’m too tired to care now.
No, it most definitely does not need to be private. The idea with salt is to invalidate rainbow tables. If you’re “keeping it private” it’s just another password.
The salt and the password (or its version after key stretching) are concatenated and fed to a cryptographic hash function, and the output hash value is then stored with the salt in a database. The salt does not need to be encrypted, because knowing the salt would not help the attacker.
Sure, but when we talk about the computation then the number of rounds is by far the more important factor compared to password length.
The discussion is about whether 24 characters indicate cleartext though - not whether password lengths should be in the gigabytes.
That’s the same as “cleartext” for someone who works in security though, since that means anyone with the private key can decrypt the password.
While I’m not arguing for doing the crypto client side, the salt isn’t needed to be private - only unique.
It does.
/80’s hacker turned Software Engineer turned Cybersecurity professional
Don’t worry, I’m autistic myself and understand how difficult it can be to parse “it’s thus irrelevant how many characters the user’s password consists of” to mean something besides “all implementations must accept an unlimited amount of characters”.
I do believe the point was understood by the general reader however.
I agree you might have threat actors looking to DoS your system if there’s a publicly exposed REST endpoint accepting gigabytes of data. That has nothing to do with the discussion on password hashing though.
It does. If you hash the user passwords, which you should, the hash is always the same length and it’s thus irrelevant how many characters the user’s password consists of.
Now, it’s not certain though, which wasn’t claimed either, because the front end developer might have other reasons for setting limits. The backend shouldn’t care though.
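Added example, not code from the thread, tying the two points above together: the salt is stored in the clear beside the hash and only needs to be unique, and the stored hash has the same length whatever the password length. It uses the standard-library PBKDF2; the iteration count, salt size and digest are assumed parameters.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example; not values from the thread.
ITERATIONS = 200_000   # work factor: rounds dominate cost, not password length
SALT_LEN = 16          # 128-bit random salt, unique per stored record
DIGEST = "sha256"      # PBKDF2-HMAC-SHA256 always yields 32 bytes


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> dict:
    """Return a storable record: salt in the clear, iteration count, fixed-length hash."""
    if salt is None:
        salt = os.urandom(SALT_LEN)          # unique, not secret
    digest = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac(DIGEST, password.encode("utf-8"), salt,
                                 record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def stored_hash_length(password: str) -> int:
    """Length of the stored hash in hex characters; independent of the input length."""
    return len(hash_password(password)["hash"])


def same_password_different_salts(password: str) -> bool:
    """Two records for the same password differ when their salts differ,
    which is what makes a precomputed (rainbow) table useless."""
    a, b = hash_password(password), hash_password(password)
    return a["salt"] != b["salt"] and a["hash"] != b["hash"]


if __name__ == "__main__":
    rec = hash_password("correct horse")
    print(rec)                                                         # salt and hash side by side
    print(stored_hash_length("a"), stored_hash_length("a" * 10_000))   # both 64
    print(verify_password("correct horse", rec), verify_password("wrong", rec))
```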
Might he recognize something in you that applies to him as well? Not saying you’re on the spectrum, but my kids are and when they want to talk about their current special interests they can go on forever.
I’d say be blatantly honest. You’re happy to listen, but sometimes you simply cannot because you need your alone time as well.
If you splash urine all over the place when peeing you’re sitting wrong.
No one needs urinals.
Case in point: No one has one in their home.
How do you define “communal”? In Europe it’s common to have fully enclosed “stalls” (basically rooms in themselves) - either with their own sinks or the sinks are indeed outside and shared by all.
The only reason your electrical grid works is because you use Norway and Sweden for balancing. As we also deploy more renewables, there won’t be enough balancing power unless more is built.
Can be hydro, nuclear, huge batteries etc. And at least Sweden is capped out on hydro.
We southern Swedes will never forgive you for forcing us to close down our perfectly working nuclear plant out of your irrational fears.
I mean, that can be misunderstood. Better to mix mom and dad into … “dom” … or why not “mad”?
Waydroid is pretty nice, integrating the Android apps as regular apps in the Linux UI.
This is an excellent opportunity for someone to start selling “Obama 2028” hats.
Don’t know about “London City techbros and finance bros” but in Sweden and Norway we prefer pure EV over hybrids.
Agree, I was just commenting on why 255 in itself isn’t “weird”. I find myself doing comparisons of the “value == variable” type even in languages where you cannot assign by mistake. Some of us old farts code from muscle memory … :)