Pro@programming.dev to Programming@programming.devEnglish · 4 months agoCursed knowledge we have learned as a result of building Immich that we wish we never knew.immich.appexternal-linkmessage-square54linkfedilinkarrow-up11arrow-down10
arrow-up11arrow-down1external-linkCursed knowledge we have learned as a result of building Immich that we wish we never knew.immich.appPro@programming.dev to Programming@programming.devEnglish · 4 months agomessage-square54linkfedilink
minus-squareMaestro@fedia.iolinkfedilinkarrow-up0·4 months agoYes. Current best practice is to use pass phrases. They can get long. Also, salt length is added to the password length as well, depending on implementation.
minus-squarePhen@lemmy.eco.brlinkfedilinkarrow-up0·4 months agoImagine getting a multi byte character at the right position to get it split so that one byte gets in and the other doesn’t.
minus-squareMaestro@fedia.iolinkfedilinkarrow-up0·4 months agoIt doesn’t matter. That will happen for both the stored hash and the entered password, so it still matches.
Yes. Current best practice is to use pass phrases. They can get long. Also, salt length is added to the password length as well, depending on implementation.
Imagine getting a multi byte character at the right position to get it split so that one byte gets in and the other doesn’t.
It doesn’t matter. That will happen for both the stored hash and the entered password, so it still matches.