• 0 Posts
  • 10 Comments
Joined 1 year ago
Cake day: March 24th, 2024
  • bpev@lemmy.worldtoMildly Infuriating@lemmy.worldMy password is not accepted because it is too longEnglish
    4·
    4 months ago

    So this is *mathematically correct, but practically not really. Let me give you a longer (but still simplified) answer. There’s essentially two things here that are different:

    1. Does a longer password make your password more difficult to guess? (always yes)
    2. Does a longer password make accessing the content it protects more difficult (yes, to a certain point).

    The reason for #2 in digital systems is because of hashing, which is used to protect your password in the case of a data breach. Essentially, you can think of a hashing algorithm as a one-way algorithm that takes an input, and then always returns the same output for that input. One-way here means that you can’t use the hashed output to reverse-engineer the originally inputted password (you can’t unhash a hashbrown into the original potato 🥔). This is why if someone hacks Facebook, they don’t necessarily have your Facebook password; Facebook never saves your actual password anywhere. To login, the website hashes your password input, and compares it against the hash that they saved from your original password creation.

    Usually, the result of these algorithms is saved as a fixed-length string of characters. And so your data is mathematically not more safe if you exceed this length, since a random password combination can theoretically resolve to the same value as your super-long-password. This would depend on the algorithm being used / data being stored, but for example, bcrypt outputs a 184-bit hash (often represented as a 60-character string). So mathematically, your password is not more secure beyond 60 characters.

    However in practice, this is a non-issue, because I think that basically the only way that collisions like this are useful are for brute-forcing a password? And the chance of a password collision in this way is something like 1027-or-28 (being hit by lightning every day for 10,000 years)? The much easier solution for gaining access is to get your actual password. So if your password being longer makes it harder for people to guess, I’d say that adding security by way of #1 is still extremely valid.

  • bpev@lemmy.worldtoPrivacy@lemmy.mlWhat maps app do you use
    1·
    8 months ago

    Huh really? I haven’t had that issue. But we might be totally different use-cases; If I’m routing, I’m usually in major cities mapping a route via public transit. I quite like OrganicMaps for this, because it’s still quite stable in underground subways when internet is sus.

    edit: To be clear, I haven’t noticed issues when I map for driving either, but I’m admittedly not driving a crazy amount.

  • bpev@lemmy.worldtoPrivacy@lemmy.mlProton is dead (for me). Let's collect and discuss alternatives! ✊🛡
    9·
    8 months ago

    Yo so question for y’alls: what’s your opinion on using custom domain (for portability) vs masked emails?

    Rn I have my main emails on my personal domain, and then I have masked emails going through xxx@fastmail.com for more anonymity + segmenting (err i mean just being able to disable a certain address individually) . But watching all this reminded me that if I decided to move away from fastmail, i’m much more locked-in this way. Do y’alls use a custom domain for masked email as well? The one thing I don’t like about that is that it’d be so easy to connect multiple accounts based on domain, so anonymity is probably kinda broken.