• 0 Posts
  • 8 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle

  • Just to key in on the overlap between FOSS and privacy, because the source code for the software is open, it means that anyone can take a peek at how everything is running under the hood (among other things). It becomes possible to verify that software is storing data locally and properly encrypting when applicable (as opposed to blindly trusting the software’s author and or lawyers).

    It may also be a fun fact that best practice in encryption is to open source your algorithms. The helps safeguard against backdoors and mistakes/ errors that could compromise the security of the algorithm. Much for similar reasons as above, as it allows the security community to check your math (in a field where it is incredibly easy to get your math wrong).



  • I don’t know about a min length; setting a lenient lower bound means that any passwords in that space are going to be absolutely brute force-able (and because humans are lazy, there are almost certainly be passwords clustered around the minimum).

    I very much agree with the rest though, it’s unnerving when sites have a low max length. It almost feels like advertising that passwords aren’t being hashed, and if that’s the case there’s a snowball’s chance in hell that they’re also salted. Really restrictive character sets also tell me that said site / company either has super old infra or doesn’t know how to sanitize strings (or entirely likely both)…