

That’s kinda fucked up
Looking forward to trying that today.
No they’re not supposed to be piling it up
Yes, but we didn’t emit nearly enough co2 on that one
It’s not worth the risk. If your job is border control, would you be smuggling goods? Maybe some would, but most would not.
They’re whitehat because they don’t want to take part in illegal activities, or already have and have grown from it.
Design lead wants parting earth and flowing lava. Budget dictates static assets and baked in animations.
So you were questioning a password limit of 256 chars.
Let’s say we do not impose a limit because we’re not worried about anything.
We now get hit by a botnet trying to create accounts or log in in thousands at the same time.
Say we’re using Argon2id. This is obviously subject to hw and parameters, but let’s say 8k characters take 5 seconds of (1) cpu time on your server.
Now multiply this by 1000 attempts a second, and all your hardware does is calculate hashes.
The input limit of Argon2 specifically is much, much higher than that at 2^32-1 bytes, at which point you might as well just take it offline yourself.
If hashing of 256-character passphrases, or even 2560-character passphrases
If we impose no limit, why would the attacker limit themselves to 2560 chars?
Like an individual dev can decide to make random changes to bank systems lol
Hashing takes up cpu time
These policies typically come from top management. They’d have to fire themselves.
We just need to use it in smart ways
We’re more likely to get copper from asteroids first or die trying
I don’t think the code is available for people to figure out whether there’s a reason or if it’s completely arbitrary.
The photo sharing complaint I don’t understand, unless Immich doesn’t have the option to provide public or password protected share and upload links, which would be a real shortcoming for such an app.