@ellotheth almost sounds like GDPR paranoia tied to the next time their password db leaks (you can bet they're not storing salted hashes, not with a 16 char upper limit)
@trickster So my theory with the 16-character upper limit -- because Microsoft also has one and whatever you think of Microsoft they understand how passwords work -- is that there is some ancient legacy user auth system that all their web properties feed into, and that system was built with a 16-char limit on input, and nobody can change it because everything would break, but the passwords *are* being hashed inside that system.
My theory helps me sleep at night.
@ellotheth well, it better be the only system that can create hashes by applying pressure on a special military-grade quartz or something
we're gonna need a lot of applied phlebotinum in order to wring more entropy out of those 128 bits 😅
@ellotheth wow… that's special.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!
We adhere to an adapted version of the TootCat Code of Conduct and follow the Toot Café list of blocked instances. Ash is the admin and is supported by Fuzzface, Brian!, and Daniel Glus as moderators.
Hosting costs are largely covered by our generous supporters on Patreon – thanks for all the help!