this post was submitted on 26 Oct 2024
114 points (93.8% liked)

Technology

58970 readers
3890 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 
top 25 comments
sorted by: hot top controversial new old
[–] Fontasia@feddit.nl 13 points 3 days ago
[–] Kazumara@discuss.tchncs.de 7 points 3 days ago* (last edited 3 days ago) (1 children)

Pretty good disclosure text. There are much bigger companies that don't manage to be this clear.

The only nitpick I have is saying "encypted" with bcrypt, even though they clearly know that bcrypt only hashes things.

[–] Pika@sh.itjust.works 4 points 2 days ago

I'm willing to give him a pass on that one since they're probably worried that their General audience will understand the word encrypted but not understand the word hashed

[–] kate@lemmy.uhhoh.com 25 points 4 days ago (1 children)

obligatory bcrypt is not encryption

[–] wholookshere@lemmy.blahaj.zone 22 points 3 days ago (1 children)

Correct but you also dont want an encrypted password. You want a hashed password.

[–] kate@lemmy.uhhoh.com 6 points 3 days ago (1 children)

this is true, and the name bcrypt can be misleading to non experts. i don’t blame them for getting this wrong in a pr statement 🤷‍♀️

Encrypted is also the word to make people feel safer.

[–] PotatoesFall@discuss.tchncs.de 12 points 4 days ago (1 children)

bcrypt... with how many iterations? seems like an important detail

[–] undefined@links.hackliberty.org 3 points 3 days ago (1 children)

I don’t think I’d make that information public were I in their shoes. Wouldn’t that be a hint for anyone attempting to crack them?

[–] kate@lemmy.uhhoh.com 5 points 3 days ago (1 children)

no, it’s (usually) stored as a part of the hash

[–] Pika@sh.itjust.works 2 points 2 days ago* (last edited 2 days ago)

This is actually an optional thing, by default it will but it can be configured to be stripped, generally not a recommended thing though because it means that whenever you want to change the iteration count or the you need to force a password reset on every existing user

[–] kokesh@lemmy.world 5 points 3 days ago (2 children)

What the hell is Club Penguin?

[–] Darkenfolk@dormi.zone 9 points 3 days ago

Habbo hotel for the little, little ones I think?

[–] Dot@feddit.org 2 points 3 days ago (3 children)

I guess you were born in the 2000s.....

[–] rbits@lemm.ee 6 points 3 days ago

Hey, I was born in the early 2000s and Club Penguin was huge when I was a kid! Everyone my age knows about it.

[–] undefined@links.hackliberty.org 5 points 3 days ago* (last edited 3 days ago) (2 children)

I was born in the late 1980s, can I know what it is?

Edit: Looks like a game. Are we assuming everyone in a technology community cares about video games? I’m a programmer but can’t get into video games at all.

[–] kokesh@lemmy.world 4 points 3 days ago

I'm also a developer, online 24/7 since 1995 and have no idea.

[–] Crashumbc@lemmy.world 1 points 3 days ago (2 children)

Aren't you assuming everyone else can't care about video games because you don't?

Why does being a programmer matter? You're not implying that technology groups should care about programming I hope.

[–] undefined@links.hackliberty.org 2 points 3 days ago* (last edited 3 days ago)

I’m explaining why I’m a programmer for some context why I’m interested in technology, not to argue that all programmers hate gaming.

I was replying against the smug “you must’ve been born in the 2000s” comment. I’m arguing that not everyone is into gaming just because this is a technology community, and to maybe drop the attitude because someone isn’t cOoL like them because they were born earlier. 🙄

[–] sunflowercowboy@feddit.org -1 points 3 days ago

They asked what's club penguin, the person made a joke about their age. Be reasonable.

[–] Godric@lemmy.world 2 points 3 days ago

I guess you were born in the 1950s, kids these days just don't know...

[–] nope@jlai.lu 2 points 3 days ago (1 children)

But didn't club penguin close doors ?

[–] Dot@feddit.org 6 points 3 days ago (1 children)
[–] nope@jlai.lu 2 points 2 days ago

Ahh alright thanks

[–] umami_wasbi@lemmy.ml 2 points 4 days ago* (last edited 4 days ago)

So what password hashing mechanism upgrades they implemented?