this post was submitted on 29 Mar 2025
905 points (98.8% liked)
Technology
68187 readers
5739 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I use that command partially because Microsoft accounts don't allow passwords as long as the password I like to use for my PC
Which suggests to me that MS stores plaintext passwords. Because a hash function doesn't care about the length of what it's hashing, the output will always be the same length, so they could verify a 300 character password with the same storage space as a 3 character password.
Not how it works. You don't attempt to guess the hashed password, you guess a password which then is hashed
What's stored is hash(password). Then the password check is stored == hash(entered).
Hash(x) will be the same length, regardless of what x is. What that length is depends on which hash function it is. So the database can set the length of its storage for each user's password to the length of the hash and the hash function will take any size password.