#1 trackball mouse enjoyer on Nostr: hey nprofile1q…tvdjy, sorry for the random ping, but i remember you talking about ...
hey nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpq0mwq9c623ujjzpql7r4fk090yxrf458sz2egzprw0zn0ca669q9q8tvdjy, sorry for the random ping, but i remember you talking about this a few times before.
a website i use a fair bit (galaxy.click) currently uses bcrypt for passwords, but with a max password length of 128. i do know that bcrypt has a real max length of 72, where it truncates longer passwords, and the person who owns galaxy has some code ready to go to prevent setting new passwords >72 chars.
would a better solution be to hash the password before running it through bcrypt if the password is over the limit? i'm thinking of submitting a PR to handle this better than just changing the max length for new passwords and would like to do it correctly, and ideally we wouldn't have to like... change it in a way where old passwords would be broken/have to have hashes changed.
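One way to do what the post asks, written as an added example (not the poster's code and not galaxy.click's): new or changed passwords are SHA-256 hashed and base64-encoded before bcrypt and stored under a scheme tag, while untagged legacy rows keep verifying the old way and are migrated on the user's next successful login, so no existing hash has to change. The `sha256-bcrypt$` tag and the storage layout are assumptions made here; the code uses the PyPI `bcrypt` package.

```python
"""Pre-hash wrapper around bcrypt with a migration path for legacy rows.
Assumed storage format (constructed for this example, not galaxy.click's schema):
  legacy row: plain bcrypt string, e.g. "$2b$12$..."
  new row:    "sha256-bcrypt$" + bcrypt string computed over base64(sha256(password))
"""
import base64
import hashlib

try:
    import bcrypt  # PyPI package "bcrypt"
except ImportError:  # keep the module importable so the wrapper logic still runs
    bcrypt = None

NEW_SCHEME = "sha256-bcrypt"  # constructed tag that marks pre-hashed rows

def prehash(password: str) -> bytes:
    """SHA-256 the password, then base64 the digest.
    44 base64 bytes sit well under bcrypt's 72-byte input limit, so no part of a
    long password is dropped; base64 also keeps NUL bytes out of the input, which
    bcrypt implementations either reject or treat as end-of-string."""
    return base64.b64encode(hashlib.sha256(password.encode("utf-8")).digest())

def _bcrypt_hash(data: bytes) -> bytes:
    return bcrypt.hashpw(data, bcrypt.gensalt())

def _bcrypt_check(data: bytes, stored: bytes) -> bool:
    return bcrypt.checkpw(data, stored)

def hash_password(password: str, hasher=_bcrypt_hash) -> str:
    """Hash a new or changed password under the pre-hash scheme; no length cap needed."""
    return f"{NEW_SCHEME}${hasher(prehash(password)).decode('ascii')}"

def verify_password(password: str, stored: str, checker=_bcrypt_check) -> tuple[bool, bool]:
    """Return (ok, needs_rehash). Legacy rows are checked as before, so nobody is
    locked out; when one verifies, the caller stores hash_password(password) and
    the account migrates to the new scheme on that login."""
    scheme, sep, rest = stored.partition("$")
    if sep and scheme == NEW_SCHEME:
        return checker(prehash(password), rest.encode("ascii")), False
    # Legacy row: cut the input at 72 bytes explicitly, reproducing what bcrypt did
    # silently, so the check also works with bcrypt releases that reject longer inputs.
    return checker(password.encode("utf-8")[:72], stored.encode("ascii")), True

if __name__ == "__main__" and bcrypt is not None:
    # Two passwords that agree on their first 72 bytes and differ only afterwards.
    pw_a, pw_b = "x" * 72 + "AAAA", "x" * 72 + "BBBB"
    legacy_row = bcrypt.hashpw(pw_a.encode("utf-8")[:72], bcrypt.gensalt()).decode("ascii")
    print("legacy row accepts wrong tail:", verify_password(pw_b, legacy_row)[0])  # True
    print("pre-hashed row accepts wrong tail:", verify_password(pw_b, hash_password(pw_a))[0])  # False
```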
Published at 2025-01-16 15:09:04