How on earth can you both not accept the password I copied from my password safe and tell me that I cannot use the same password again?
Not how password hashing works. Demonstrated with sha256:
hunter2butitsreallylong: a9953dfbfec699349341edc857dcfe5c7a617c81f312cf57297d5b852881bab3
hunter2: f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7
A hash algorithm encompasses all provided data and returns a single fixed-length data response.
https://en.wikipedia.org/wiki/Cryptographic_hash_function
Any change, even just removing a few characters, drastically changes the output of the hash function (https://en.wikipedia.org/wiki/Avalanche_effect).
You have no way of knowing a user's password when you are storing hashes, you can't truncate them, and the user's password length doesn't matter (up to a certain point, where it's technologically dumb to hash user input over a certain amount of data).
I do agree, however, that changing/randomizing your password is important, as someone brute-forcing or running rainbow tables etc. on a hash dump can quickly attack a common password across different dumps.
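The two points made in the reply above, that a hash of the full password tells you nothing about a truncated version of it and that a "you already used this password" check can only work by re-hashing the candidate against the stored history, are shown below as an added example. This code is not part of the thread; it uses the two strings from the reply as constructed sample input, and the salted PBKDF2 parameters are illustrative assumptions rather than any site's actual configuration.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Illustrative work factor (assumption); a real deployment tunes this to its hardware.
PBKDF2_ITERATIONS = 200_000


def sha256_hex(data: str) -> str:
    """Plain SHA-256 of a string, hex-encoded (matches the digests quoted in the thread)."""
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions in which two hex digests differ (avalanche effect check)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated hash suitable for storage. Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def reused_in_history(candidate: str, history: List[Tuple[bytes, bytes]]) -> bool:
    """
    Password-history check. The server holds only (salt, digest) pairs, so the
    only possible test is an exact re-hash per entry. A longer or shorter variant
    of an old password produces an unrelated digest and is NOT flagged as reuse.
    """
    return any(verify_password(candidate, salt, digest) for salt, digest in history)


def demo() -> dict:
    """Run both demonstrations on the thread's sample strings and return the results."""
    long_pw = "hunter2butitsreallylong"   # constructed sample, from the reply above
    short_pw = "hunter2"                   # constructed sample, from the reply above

    long_hash = sha256_hex(long_pw)
    short_hash = sha256_hex(short_pw)

    # Store only the long password's salted hash, as a site would.
    salt, digest = hash_password(long_pw)
    history = [(salt, digest)]

    return {
        "bits_differing": differing_bits(long_hash, short_hash),  # roughly half of 256
        "long_is_reuse": reused_in_history(long_pw, history),      # True
        "short_is_reuse": reused_in_history(short_pw, history),    # False: no prefix match
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The history check is deliberately the only shape a correct one can take: each old entry carries its own salt, the candidate is re-derived with that salt, and the comparison is constant-time. Because a digest carries no information about shorter or longer inputs, a server that accepts a password into its history cannot later reject a truncated copy of it as "already used"; the contradiction in the original post has to come from somewhere other than the hash comparison.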