this post was submitted on 24 Sep 2023
13 points (84.2% liked)

Thunder App

2813 readers
15 users here now

An open-source, cross-platform Lemmy client for iOS and Android.

This community is intended to discuss features and feature suggestions for Thunder; as well as friendly, respectful talks about Lemmy in general.

Please use the GitHub repository linked below to submit bug reports, so keeping track of them is easier, and make sure to search first if you already can find an issue for your report.

If there are any developers who would like to contribute, feel free to reach out on GitHub!

General Links
Website: Link
GitHub Repository: Link
Matrix Space: Link

Android Releases
IzzyOnDroid: Link
Google Play: Link

iOS Releases
Apple App Store: Link
TestFlight Beta: Link

Related Communities
Nightly Community: Link

founded 1 year ago
MODERATORS
 

It seems like the password limit is set to 60 characters so I’m unable to login to my instance. There probably should be no limit in the app because each server could have different limits set.

you are viewing a single comment's thread
view the rest of the comments
[–] woelkchen@lemmy.world 8 points 1 year ago (1 children)

Computers get faster all the time, making brute force cracking of passwords easier all the time. Password managers don't care how long a password is. The task of filling it out is the same.

[–] JoMomma@lemm.ee 3 points 1 year ago (2 children)

60 character passwords with any amount of complexity would take effectively infinite time to brute, an 18 character password with complex characters would take millions of years... There is no reason to use 60, let alone more than

[–] woelkchen@lemmy.world 3 points 1 year ago (1 children)

Why make excuses for maximum password lengths? Just let people decided on their own if they want 200 character passwords or not.

[–] JoMomma@lemm.ee 2 points 1 year ago (1 children)

Well, there could be very reasonable reasons for the limit, like keeping the hash tables sane, or keeping databases from needing unnecessary padding, but there really isn't any reasonable reason for needing 60+ characters in passwords

[–] woelkchen@lemmy.world 2 points 1 year ago

Well, there could be very reasonable reasons for the limit, like keeping the hash tables sane, or keeping databases from needing unnecessary padding, but there really isn’t any reasonable reason for needing 60+ characters in passwords

And how is this the duty of a client app to police that? OP says it's about being able to log into their own instance and the client app is blocking this.

[–] amju_wolf@pawb.social 2 points 1 year ago

Have you heard about pass phrases ?

Also, none of those is a sane reason to limit password length. A huge point of hashing is having short, constant length strings on output no matter the input. There's no limitation or database issue there.

The only reason to limit password length is actually security (for bad algorithms) and DoS, but that requires a limit in the thousands.