by shawabawa3 1818 days ago
no

basically the hashing algorithm they use strips out certain information, which means that e.g.

"PaSSWord123" "pAsswORD123" "PaSSWord123 " etc

all hash to the same value, and so are equivalent.


>> "PaSSWord123" "pAsswORD123"

Wow - non-case-sensitive passwords seem like a bad idea...

No, it's still case sensitive, you can just flip all the characters' case. You are only losing "one bit" of password information.

> it's still case sensitive, you can just flip all the characters' case.

How is "flipping all the characters' case" different from case-insensitive?

They flip all characters' case in one go, and also capitalise just the first character.

So, if your password was:

fishCAT

They would accept fishCAT, and also FISHcat and FishCAT, and that's it.
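An added sketch, not part of the thread and not Facebook's code, of how a server could accept exactly those three forms while storing only one salted hash: it hashes a few transformed copies of the submitted input instead of normalising the password. The function names, the PBKDF2 parameters and the sample attempts are assumptions made for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for this example


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of the password exactly as given."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def candidates(submitted: str) -> list[str]:
    """Strings the server hashes for one login attempt (assumed scheme).

    - as typed
    - every character's case flipped (undoes Caps Lock)
    - first character lowercased (undoes a capitalised first letter)
    """
    out = [submitted, submitted.swapcase()]
    if submitted:
        out.append(submitted[0].lower() + submitted[1:])
    return list(dict.fromkeys(out))  # de-duplicate, keep order


def verify(submitted: str, salt: bytes, stored: bytes) -> bool:
    """True if any candidate hashes to the single stored value."""
    ok = False
    for cand in candidates(submitted):
        # compare_digest avoids leaking the match position via timing
        ok |= hmac.compare_digest(hash_password(cand, salt), stored)
    return ok


def accepted_inputs(password: str, attempts: list[str]) -> list[str]:
    """Enroll `password`, then return which of `attempts` would log in."""
    salt = os.urandom(16)
    stored = hash_password(password, salt)
    return [a for a in attempts if verify(a, salt, stored)]


# Constructed attempts: the three forms from the comment plus other case mixes.
SAMPLE_ATTEMPTS = ["fishCAT", "FISHcat", "FishCAT", "fishcat", "FISHCAT", "fIShCAT"]

if __name__ == "__main__":
    print(accepted_inputs("fishCAT", SAMPLE_ATTEMPTS))
```

A fully case-insensitive check would accept all 2^7 case patterns of a seven-letter password; this scheme accepts at most three, and the stored hash is still of the original string.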

Pretty sure they don't do that for authentication.
I didn't know it's still possible for Facebook to disappoint me.