Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
D--M22667yYour teacher is retarded, tell them an /actual/ professional is calling them retarded.
This is why we can't have nice things. Fucking dumbasses teaching retarded shit. -
@Electrux WPA requires a passphrase from 8 to 63 characters so that point is invalid.
-
hell165967yBut doesn't "more than 8" fit in "more than 5" ?
Your teacher looks like a scripted telemarketer that only knows what's inside his box and can't think outside. -
So according to them, having passwords longer than 8 characters is literally not a feature of a strong password
-
@Alice
Breaking login systems and databases with fun and insane passwords is my thing 😄 -
mundo0349117yHeres an idiot calling your teacher an idiot.
My router does not even allow me to use less than 8.
My router is also calling your teacher and idiot. -
kubre17077yOh fuck my password is longer than 8 chars long I should trim it to 6 to make it safe!
-
Huuugo25057yYou guys are very quick to judge the teacher even without knowing the context or seeing the full test
-
sSam14837y@azous well "more than 5" includes 6, 7, 8 and "more than 8", so the answer is not full. Also I believe the recommendation is AT LEAST 8 characters not MORE THAN 8 characters.
-
sSam14837yI was also thinking (I have 0 experience with security, just simple thinking) that long passwords are more insecure than medium length ones? Considering passwords are hashed.
-
Root797677y@sSam how would longer passwords be more insecure?
@huuugo In what situations would the teacher be correct? I've only come up with a few, very far-fetched scenarios, such as a not-pictured "translate this sentence from Hangul" or "write this exactly" -- but in either case, the advice is still poor. -
balte22917y@Root by putting on the test that they need to answer exactly like it was written in the book this can be graded false. if that wasn't written on it, then there is a pretty good case to have this answer counted as correct during review.
-
Root797677y@sSam While the chance of collisions does increase with length, it's still remarkably low. You'd have to drastically increase password length (by thousands of characters or more) before they were common enough to be a concern.
Also, with expensive hashing algorithms, brute forcing isn't really a concern anyway. Rainbow tables help find collisions, but salting renders existing rainbow tables useless anyway, so you'd still need to generate those. -
Root797677y@sSam existing rainbow tables are useless since they weren't generated with salts / not your salts.
Also, I meant that while increasing password length increases the number of collisions, it would do so slowly. Sorry I wasn't clearer. -
sSam14837y@Root yeah I get that, but trying first 64bytes will be enough for all passwords, not that it would take less than universe's life... My point is that having 30byte password will ensure you 30byte password. Whereas having 100byte password might give you a password between 1 and 64 bytes and you might not be that happy with 5byte password...
-
Root797677y@sSam There should be a flat chance of collisions between 0 bits and max_input_size bits. Past that it's hard to say. Many hashing algos simply truncate the input, meaning collision chance would stay the same.
-
retnikt67747y@lavandysh I did. He's a great teacher and he gave me the mark, but he said that in a real exam, a "correct" answer would be the only accepted one so I wouldn't have got the mark. It's only one mark and it's the only question I got "wrong"
-
I have some bad news for you all: if a site has a password max length then it probably doesn't use one way hashes
-
@lavandysh There are times when the teachers know it’s wrong but has to pressure the students into giving strictly textbook answers. An example would be public exams marked by possibly markers who may not actually know the material. As impossible as that sounds, this actually happens in certain countries.
-
justmove7317yThe school I was studying at did cut off validation after 8 chars. so 01234567 and 0123456789 is the same password for the system...
Also EA doesn't allow anything else than numbers and letters. Or at least they didn't last time I checked -
whatevel8727yIt would take a computer 53 decillion years to crack my password. That's azaming actually.
Related Rants
An actual "incorrect answer" in my exam paper.
rant
password length
worrying
security