• abhibeckert@lemmy.world
    link
    fedilink
    English
    arrow-up
    44
    arrow-down
    1
    ·
    edit-2
    1 year ago

    The website should feed your password straight into a well known hashing algorithm or key derivation function that has undergone a decade or more of careful scrutiny, without any other processing. The output will usually be a fixed length base64 or hex string.

    There’s a short list of about three options that are currently considered acceptable, and a few more are probably fine but are a little too easy to crack these days (e.g. anything that shares the same math as bitcoin… what if someone throws a mining datacentre at your password?)

    If the site breaks, maybe you don’t to be a customer of that service.

    • Vilian@lemmy.ca
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      make one account with emoji password to test their system, if it break, good, go create hour account somewhere else

    • lemmyvore@feddit.nl
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      1 year ago

      It’s not the processing on the server that’s the problem. To reach the server the password needs to go through several layers of character encoding, if any of them fails the server will receive something different from what you meant. And when you try to login from another device and the layers will be different you’ll effectively be sending a different password.

      • ricecake@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        The same character encoding that would break emoji would break a significant portion of the words names, so if your system can’t handle it, then you deserve all the trouble that you run into.

        Unicode isn’t that hard.