by darylfritz 3231 days ago
Why block anything at all? If I want my password to be unicode and emoji, what's the downside to the site?

I assume they're hashing all the passwords anyway.

2 comments

hint: they're not all hashing the passwords
I always wonder what kind of magic those websites do with the string. Hashing has become so simple. When you hash you don't have to worry about special chars (encoding issues though). It's only when you have bad practices that you should worry about ;") in the password field.
I wonder how many sites have been taken down by SQL injection attacks inside of a password. That would take something of a perfect storm of bad design, which is why I'm pretty sure there are sites out there that are vulnerable.
> I assume they're hashing all the passwords anyway.

Bad assumption. And many that do hash are using MD5 and don't bother salting.
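An added example, not part of the thread: a sketch of the point discussed above, that a site which normalizes, encodes and hashes with a per-password salt can accept Unicode, emoji and characters like `;")` without special handling, shown next to the unsalted MD5 pattern the last comment mentions. The function names, the scrypt parameters and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed cost parameters for this sketch; tune them for real hardware.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)

def _prepare(password: str) -> bytes:
    # The "encoding issues": the same visible password can arrive as
    # different code point sequences (composed vs. decomposed accents).
    # Normalize first, then encode to UTF-8 bytes for the hash function.
    return unicodedata.normalize("NFKC", password).encode("utf-8")

def hash_password(password: str) -> tuple:
    # A fresh random salt per password means identical passwords
    # produce different stored digests.
    salt = os.urandom(16)
    digest = hashlib.scrypt(_prepare(password), salt=salt, **SCRYPT_PARAMS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.scrypt(_prepare(password), salt=salt, **SCRYPT_PARAMS)
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(candidate, digest)

def unsalted_md5(password: str) -> str:
    # The weak pattern from the thread: fast hash, no salt, so equal
    # passwords always map to the same stored value.
    return hashlib.md5(_prepare(password)).hexdigest()

if __name__ == "__main__":
    # Constructed sample passwords: accent + emoji + SQL-looking characters.
    composed = "caf\u00e9\U0001F511;\")"      # precomposed e-acute
    decomposed = "cafe\u0301\U0001F511;\")"   # 'e' + combining acute accent
    salt, digest = hash_password(composed)
    print("decomposed form verifies:", verify_password(decomposed, salt, digest))
    print("stored digest (hex):", digest.hex())
    print("unsalted md5 is repeatable:", unsalted_md5(composed) == unsalted_md5(decomposed))
```

Only the salt and the fixed-length digest are stored, so the characters of the password itself never appear in the value written to the database.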