by MartinCron 5616 days ago
Storing the CAPS LOCK and non-caps-lock hashes of a password seems utterly brilliant. I'm tempted to start doing that.

Might improve user experience a bit, but your password hashing scheme needs to take much longer if an attacker knows he can rule out lower-case letters.

For example, 8-character alphanumeric passwords:

((26*2)+10)^8 / (26+10)^8 = 77.4

You have 77 times fewer passwords of length 8 (probably worse than that, most people skew more towards letters than numbers), so it should take 77 times longer to test one.

Caps lock does not remove lowercase letters, it swaps upper and lower case. <Caps Lock> + <Shift> <a> = a.

PS: Try it: ASdf becomes asDF.

I think caps lock works differently on Macs. I remember it making everything uppercase, regardless of whether the shift key was pressed.

My Mac is running Windows at the moment and I can't reboot into OSX to test for several hours, so someone else will have to confirm or deny this.

Confirmed, capslock on OSX makes all letters uppercase. Shift is ignored.
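
An added example, not part of the thread: a sketch of the scheme discussed above, storing a slow hash of the password as typed and of its case-swapped form, and showing that the all-uppercase variant reported for OS X is a different string that neither hash accepts. The PBKDF2 iteration count, the record layout and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for the example


def caps_lock_swap(pw):
    # Caps Lock with Shift still honoured: every letter's case is swapped.
    return pw.swapcase()


def caps_lock_upper(pw):
    # Behaviour reported in the thread for OS X: Shift ignored, all uppercase.
    return pw.upper()


def _slow_hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, ITERATIONS)


def enroll(pw):
    # Store one salt and two hashes: as typed, and as typed with Caps Lock on.
    salt = os.urandom(16)
    return {
        "salt": salt,
        "typed": _slow_hash(pw, salt),
        "caps": _slow_hash(caps_lock_swap(pw), salt),
    }


def verify(record, attempt):
    # Hash the attempt once, then compare against both stored hashes
    # in constant time.
    digest = _slow_hash(attempt, record["salt"])
    ok_typed = hmac.compare_digest(digest, record["typed"])
    ok_caps = hmac.compare_digest(digest, record["caps"])
    return ok_typed or ok_caps


def keyspace_ratio(length=8):
    # The ratio computed in the thread: mixed-case alphanumeric candidates
    # versus single-case alphanumeric candidates of the same length.
    return (26 * 2 + 10) ** length / (26 + 10) ** length
```

Because the swapped form keeps both cases, accepting it at most doubles the strings that log in to an account; the 77.4 figure applies only if a scheme folds every password to a single case.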