this post was submitted on 26 Oct 2024
114 points (93.8% liked)

Technology

59422 readers
2978 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 
top 25 comments
sorted by: hot top controversial new old
[–] kate@lemmy.uhhoh.com 25 points 3 weeks ago (1 children)

obligatory bcrypt is not encryption

[–] wholookshere@lemmy.blahaj.zone 24 points 3 weeks ago (1 children)

Correct but you also dont want an encrypted password. You want a hashed password.

[–] kate@lemmy.uhhoh.com 6 points 3 weeks ago (1 children)

this is true, and the name bcrypt can be misleading to non experts. i don’t blame them for getting this wrong in a pr statement 🤷‍♀️

[–] wholookshere@lemmy.blahaj.zone 5 points 3 weeks ago

Encrypted is also the word to make people feel safer.

[–] PotatoesFall@discuss.tchncs.de 13 points 3 weeks ago (1 children)

bcrypt... with how many iterations? seems like an important detail

[–] undefined@links.hackliberty.org 3 points 3 weeks ago (1 children)

I don’t think I’d make that information public were I in their shoes. Wouldn’t that be a hint for anyone attempting to crack them?

[–] kate@lemmy.uhhoh.com 5 points 3 weeks ago (1 children)

no, it’s (usually) stored as a part of the hash

[–] Pika@sh.itjust.works 2 points 3 weeks ago* (last edited 3 weeks ago)

This is actually an optional thing, by default it will but it can be configured to be stripped, generally not a recommended thing though because it means that whenever you want to change the iteration count or the you need to force a password reset on every existing user

[–] Fontasia@feddit.nl 12 points 3 weeks ago
[–] Kazumara@discuss.tchncs.de 8 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Pretty good disclosure text. There are much bigger companies that don't manage to be this clear.

The only nitpick I have is saying "encypted" with bcrypt, even though they clearly know that bcrypt only hashes things.

[–] Pika@sh.itjust.works 5 points 3 weeks ago

I'm willing to give him a pass on that one since they're probably worried that their General audience will understand the word encrypted but not understand the word hashed

[–] kokesh@lemmy.world 5 points 3 weeks ago (2 children)

What the hell is Club Penguin?

[–] Darkenfolk@dormi.zone 9 points 3 weeks ago

Habbo hotel for the little, little ones I think?

[–] Dot@feddit.org 2 points 3 weeks ago (3 children)

I guess you were born in the 2000s.....

[–] rbits@lemm.ee 6 points 3 weeks ago

Hey, I was born in the early 2000s and Club Penguin was huge when I was a kid! Everyone my age knows about it.

[–] undefined@links.hackliberty.org 5 points 3 weeks ago* (last edited 3 weeks ago) (2 children)

I was born in the late 1980s, can I know what it is?

Edit: Looks like a game. Are we assuming everyone in a technology community cares about video games? I’m a programmer but can’t get into video games at all.

[–] kokesh@lemmy.world 4 points 3 weeks ago

I'm also a developer, online 24/7 since 1995 and have no idea.

[–] Crashumbc@lemmy.world 1 points 3 weeks ago (2 children)

Aren't you assuming everyone else can't care about video games because you don't?

Why does being a programmer matter? You're not implying that technology groups should care about programming I hope.

[–] undefined@links.hackliberty.org 2 points 3 weeks ago* (last edited 3 weeks ago)

I’m explaining why I’m a programmer for some context why I’m interested in technology, not to argue that all programmers hate gaming.

I was replying against the smug “you must’ve been born in the 2000s” comment. I’m arguing that not everyone is into gaming just because this is a technology community, and to maybe drop the attitude because someone isn’t cOoL like them because they were born earlier. 🙄

[–] sunflowercowboy@feddit.org -1 points 3 weeks ago

They asked what's club penguin, the person made a joke about their age. Be reasonable.

[–] Godric@lemmy.world 1 points 3 weeks ago

I guess you were born in the 1950s, kids these days just don't know...

[–] umami_wasbi@lemmy.ml 2 points 3 weeks ago* (last edited 3 weeks ago)

So what password hashing mechanism upgrades they implemented?

[–] nope@jlai.lu 2 points 3 weeks ago (1 children)

But didn't club penguin close doors ?

[–] Dot@feddit.org 6 points 3 weeks ago (1 children)
[–] nope@jlai.lu 2 points 3 weeks ago

Ahh alright thanks