Dear {everyone who writes software that has logins or full-name usernames}
Please hire some people with diverse names. Stupid name rules like no spaces, no special characters, no lower-case starts to words in a name – let alone presence of so-called "conventional" name elements (surname, forename, middle names, etc.) need to be dumped in a ditch forever. #UX
-
JustRosy replied to Preston von Gabbledück
@backupbear The no-spaces thing doesn't work for passwords because the algorithms used to mask them read spaces as literally nothing being there at all. I don't know that that's fixable, tbh.
-
Grumpy Grimnir :verified: replied to JustRosy
@JustRosy @backupbear Er ... almost all passwords are hashed for storage and there's no problem with spaces :-
✗ mike@pica» echo "Hello There" | md5sum
a82fadb196cba39eb884736dcca303a6 -
✓ mike@pica» echo "HelloThere" | md5sum
dbd128f6b99859b1c82362d58fa5c37b -
-
JustRosy replied to Grumpy Grimnir :verified:
@grumpygrimnir @backupbear I'd have to work that one out for myself to see it in action. As I just said, I'm not a programmer, but have been working with this for over 30 years now. I can tell you what I've been taught and what I've seen, and what of it I've done so far for learning programming. As for the hashing, that looks like a checksum, but that's not what we're doing here, so I have to ask: what software are you using to generate the hashes?
-
Grumpy Grimnir :verified: replied to JustRosy
@JustRosy @backupbear I'm using md5sum; not software that's used today, but the concept is very similar. Passwords are generally stored with a one-way cryptographic hashing algorithm with additional "salt".
-
JustRosy replied to Grumpy Grimnir :verified:
@grumpygrimnir @backupbear Well, I found this thing. This should do what you're talking about, right?
MD5 Hash Generator
A tool for creating an MD5 hash from a string. Use this fast, free tool to create an MD5 hash from a string.
(www.md5hashgenerator.com)
-
@JustRosy @grumpygrimnir @backupbear
Don't just hash. Use an algorithm designed for password hashing, with a "salt".
https://markilott.medium.com/password-storage-basics-2aa9e1586f98
-
@mattdm @JustRosy @grumpygrimnir @backupbear Even a salt is insufficient - a good password hashing algorithm needs a salt, needs to be slow (iterative), and needs to be tunable (so it can be slowed down as computers speed up).
Bcrypt and Scrypt were the classics, but I've been out of that game for a while.
-
@iagox86 @JustRosy @grumpygrimnir @backupbear
Sorry, I see that was unclear. "With a salt" was meant to be additive, not descriptive.
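-
Added example, not part of any post in this thread: a sketch of the salted, slow, tunable password storage discussed above, using scrypt from Python's standard library, with a password that contains a space. The record format (`scrypt$n$r$p$salt$hash`), the function names and the cost values are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import os

MAXMEM = 64 * 1024 * 1024  # upper bound on scrypt memory use
DEFAULT_N = 2**14          # CPU/memory cost; raise it as hardware gets faster


def _scrypt(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    # The password is encoded exactly as typed: spaces and non-ASCII
    # characters are ordinary input bytes, nothing is stripped.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=n, r=r, p=p, maxmem=MAXMEM, dklen=32)


def hash_password(password: str, n: int = DEFAULT_N) -> str:
    salt = os.urandom(16)  # fresh random salt for every stored password
    dk = _scrypt(password, salt, n, 8, 1)
    enc = lambda b: base64.b64encode(b).decode("ascii")
    # Cost parameters travel with the record so old hashes stay verifiable.
    return f"scrypt${n}$8$1${enc(salt)}${enc(dk)}"


def verify_password(password: str, stored: str) -> bool:
    scheme, n, r, p, salt_b64, dk_b64 = stored.split("$")
    if scheme != "scrypt":
        return False
    expected = base64.b64decode(dk_b64)
    candidate = _scrypt(password, base64.b64decode(salt_b64),
                        int(n), int(r), int(p))
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def needs_rehash(stored: str, target_n: int = DEFAULT_N) -> bool:
    # True when the record was made with a lower cost than the current
    # target; re-hash it at the next successful login.
    return int(stored.split("$")[1]) < target_n


if __name__ == "__main__":
    record = hash_password("Hello There")  # constructed sample password
    print(record)
    print(verify_password("Hello There", record))
    print(verify_password("HelloThere", record))
```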