by
davedx
542 days ago
Wait wait. Why would you truncate it after input unless... you're storing it in plaintext?
orblivion
542 days ago
Maybe the KDF gets really slow with a super long input.
zja
542 days ago
You truncate passwords to prevent DoS.
lesuorac
542 days ago
Why not either show an error or do a client-side hash so there's a fixed length?
orblivion
542 days ago
Showing an error is probably the right thing. Client-side mitigations wouldn't prevent a DoS.