Pro@programming.dev to Programming@programming.devEnglish · 1 day agoCursed knowledge we have learned as a result of building Immich that we wish we never knew.immich.appexternal-linkmessage-square42fedilinkarrow-up1115arrow-down13
arrow-up1112arrow-down1external-linkCursed knowledge we have learned as a result of building Immich that we wish we never knew.immich.appPro@programming.dev to Programming@programming.devEnglish · 1 day agomessage-square42fedilink
minus-squareMaestro@fedia.iolinkfedilinkarrow-up9·1 day agoYes. Current best practice is to use pass phrases. They can get long. Also, salt length is added to the password length as well, depending on implementation.
minus-squarePhen@lemmy.eco.brlinkfedilinkarrow-up3·1 day agoImagine getting a multi byte character at the right position to get it split so that one byte gets in and the other doesn’t.
minus-squareMaestro@fedia.iolinkfedilinkarrow-up4·1 day agoIt doesn’t matter. That will happen for both the stored hash and the entered password, so it still matches.
minus-squarePhen@lemmy.eco.brlinkfedilinkarrow-up1·15 hours agoAs long as it runs the same code, yes. But things may change, clients may pre-emptively split the string or stuff like that.
Yes. Current best practice is to use pass phrases. They can get long. Also, salt length is added to the password length as well, depending on implementation.
Imagine getting a multi byte character at the right position to get it split so that one byte gets in and the other doesn’t.
It doesn’t matter. That will happen for both the stored hash and the entered password, so it still matches.
As long as it runs the same code, yes. But things may change, clients may pre-emptively split the string or stuff like that.