Post 9kKdbSdxNhNCqtwJbU by danielst@social.librem.one
 (DIR) Post #9k3dBlCVVP6YlWss0u by flab@freesoftwareextremist.com
       2019-06-21T02:32:23.917589Z
       
       12 likes, 13 repeats
       
       You wanna know how I know #libremone / #purism are mishandling passwords? (attached image: 1561084038.png)
       
 (DIR) Post #9k3qZO0yf1qbD45Smu by roserin@weirder.earth
       2019-06-21T05:00:46Z
       
       0 likes, 0 repeats
       
       @flab oh damn seriously?
       
 (DIR) Post #9k3qZOBc1UM1k33xMe by flab@freesoftwareextremist.com
       2019-06-21T05:02:18.455199Z
       
       0 likes, 0 repeats
       
       @roserin try it if you don't believe me. I use pwgen to make passwords and naturally I enable as many possible options as I can (the only measure of a password that matters is entropy) and... yeah.  I just closed the tab with the registration form.
       
 (DIR) Post #9k4rKdVB5lh00ihgEC by happynigger@pawoo.net
       2019-06-21T16:45:34Z
       
       0 likes, 0 repeats
       
       @flab Lel.
       
 (DIR) Post #9k66zmYi14AORZOQpk by jellypotato@catgirl.science
       2019-06-21T07:40:56.858692Z
       
       1 likes, 0 repeats
       
       @flab heh, pleroma crops it to "assphrase" (attached image: image.png)
       
 (DIR) Post #9k673qPBeoHfX0sNyi by masterofthetiger@theres.life
       2019-06-21T15:20:05Z
       
       1 likes, 0 repeats
       
       @flab Ouch. If they are hashed and salted and all of that, then there should be no reason to restrict common characters....
       
 (DIR) Post #9k67jLD61uRawc0Yr2 by flab@freesoftwareextremist.com
       2019-06-22T07:24:02.458553Z
       
       0 likes, 0 repeats
       
       @masterofthetiger there's no reason to restrict any characters at all.  I should be able to have a password that's 1024 UTF-16 Arabic characters if I want.  If your code is parsing/reading the raw password string, that's broken and wrong.  It should go immediately into a hashing function. This is why I love pwgen for making passwords.  I'm stunned how often I get that kind of a message.  I expect big banks to be "doing it wrong" but I hold purism to a higher standard. I'm going to get even more nutty and start throwing a few فلس into my password strings, see what else I can break.
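
The point made in the post above, as an added example that is not part of the thread and not Purism's code: the password is encoded to bytes and handed straight to a salted key-derivation function, so the stored record has the same length and alphabet whatever characters were typed. The scrypt parameters, record layout, function names and sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Assumed cost parameters for this example (not taken from the thread).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
SALT_LEN, KEY_LEN = 16, 32


def hash_password(password, salt=None):
    """Return (salt, digest). The password is never parsed or filtered."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    raw = password.encode("utf-8")  # bytes in, no character whitelist
    digest = hashlib.scrypt(raw, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                            p=SCRYPT_P, dklen=KEY_LEN)
    return salt, digest


def stored_record(password):
    """Hypothetical storage format: only hex and '$' ever reach the database."""
    salt, digest = hash_password(password)
    return "scrypt$" + salt.hex() + "$" + digest.hex()


def verify_password(password, salt, expected):
    """Re-derive with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


# Constructed sample passwords covering the cases raised in the thread.
SAMPLES = [
    "p@ss'w\"ord;$(id)`x`\\ <>&|",  # shell, SQL and HTML metacharacters
    "\u0641" * 1024,                # 1024 Arabic characters
    "tab\there \U0001F60E space ",  # whitespace and an emoji
]


def roundtrip_all():
    """Hash and verify every sample; True means the password was accepted."""
    results = []
    for pw in SAMPLES:
        salt, digest = hash_password(pw)
        results.append(verify_password(pw, salt, digest))
    return results


if __name__ == "__main__":
    for pw, ok in zip(SAMPLES, roundtrip_all()):
        print(len(pw), "chars ->", len(stored_record(pw)), "byte record, ok =", ok)
```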
       
 (DIR) Post #9k82pUqeztwR7SY7xA by c@honk.meme.technology
       2019-06-22T17:59:21Z
       
       0 likes, 1 repeats
       
       @flab Set your password to https://zhovner.com/tmp/killwebkit.html and see how many unpatched macOS servers you can crash
       
 (DIR) Post #9kKdbSdxNhNCqtwJbU by danielst@social.librem.one
       2019-06-29T07:20:43Z
       
       1 likes, 0 repeats
       
       @masterofthetiger @flab I guess you could check the source. Alternatively, they want to avoid trouble with one of the many supported clients, maybe even just a command line tool. You don't want to handle this kind of support request 😎
       
 (DIR) Post #9kKdba6vcNhu0mY3EW by flab@freesoftwareextremist.com
       2019-06-29T07:27:06.582765Z
       
       0 likes, 0 repeats
       
       @danielst @masterofthetiger maybe it's just a decade of living in bash but there's no reason you can't handle those characters either, as far as a CLI tool goes. If clients can't parse those strings either, those are more bugs.
       
 (DIR) Post #9kKfWeEz2GPDHT5ifQ by danielst@social.librem.one
       2019-06-29T07:42:59Z
       
       1 likes, 0 repeats
       
       @flab @masterofthetiger Didn't say it's a real problem. Just that some users will fail and open a ticket "can't get vpn to work". That's probably the most valid reason I could think of. Better than Apple not actually disabling wifi when you disable it, to avoid "Internet broken" support cases 😜