this post was submitted on 28 Feb 2024

993 points (97.2% liked)

Memes

9626 readers

1254 users here now

Post memes here.

A meme is an idea, behavior, or style that spreads by means of imitation from person to person within a culture and often carries symbolic meaning representing a particular phenomenon or theme.

An Internet meme or meme, is a cultural item that is spread via the Internet, often through social media platforms. The name is by the concept of memes proposed by Richard Dawkins in 1972. Internet memes can take various forms, such as images, videos, GIFs, and various other viral sensations.

Wait at least 2 months before reposting
No explicitly political content (about political figures, political events, elections and so on), [email protected] can be better place for that
Use NSFW marking accordingly

Laittakaa meemejä tänne.

Odota ainakin 2 kuukautta ennen meemin postaamista uudelleen
Ei selkeän poliittista sisältöä (poliitikoista, poliittisista tapahtumista, vaaleista jne) parempi paikka esim. [email protected]
Merkitse K18-sisältö tarpeen mukaan

founded 2 years ago

MODERATORS

[email protected]

993

Or maybe introduce them to Little Bobby Tables (lemmy.world)

submitted 1 year ago by [email protected] to c/[email protected]

173 comments fedilink hide all child comments

(skeletor is leading by example by adding that unnecessary apostrophe...)

(page 3) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 6 points 1 year ago (1 children)

Hi kind reminder password hashes.

[–] [email protected] 1 points 1 year ago (1 children)

For all no-tech-people: what? Please explain

[–] [email protected] 4 points 1 year ago (6 children)

If you're a company, you should save your users' passwords as "hashes" which is like a scrambled up version, so if your data gets stolen the hackers will have to unscramble all the passwords which takes a long time. Some naughty companies don't do this and save their passwords as plain text. The person above is presumably talking to developers to remind them not to be naughty

load more comments (6 replies)

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago)

;,'"\tpassword\t,.;

[–] [email protected] 24 points 1 year ago (1 children)

The CSV specification (RFC-4180) is pretty clear. If a value contains commas, you wrap it in double quotes. If the value contains double quotes, you double each double quote to indicate its part of the value and not the end of the value.

A properly formatted CSV should have no problems from Skeletor!

[–] [email protected] 23 points 1 year ago* (last edited 1 year ago)

There's no formal spec for CSV. The RFC you mentioned describes the most common behaviour observed in many implementations, but it's not a spec itself, as mentioned on the second page:

While there are various specifications and implementations for the CSV format (for ex. [4], [5], [6] and [7]), there is no formal specification in existence, which allows for a wide variety of interpretations of CSV files. This section documents the format that seems to be followed by most implementations:

Also, my understanding is that double quotes are only used for strings. Commas can appear outside of strings, for example in numbers in countries that use them as a decimal point. That's actually why many implementations use semicolons or tabs as the separator.

[–] [email protected] 100 points 1 year ago (7 children)

From many years of experience on the interwebs, I can recommend this password:

NUL,\t.;TAB\n\x07^C

It's very secure and works most of the time. I use it for everything.

[–] [email protected] 27 points 1 year ago (3 children)

You clearly don't use this one, don't you know lemmy instances automatically censor your ********?

[–] [email protected] 11 points 1 year ago (1 children)

Censor your what? Your ********?

load more comments (1 replies)

load more comments (2 replies)

[–] [email protected] 57 points 1 year ago (1 children)

Just changed my password to this, thanks!

[–] [email protected] 51 points 1 year ago (1 children)

hunter2

[–] [email protected] 19 points 1 year ago (2 children)

hunter2

Wow, what a coincidence, my password is ******* too!

load more comments (2 replies)

load more comments (5 replies)

[–] [email protected] 13 points 1 year ago (3 children)

Can you add a "TAB" into a password?

[–] [email protected] 6 points 1 year ago

Yes, char(9) is the SQL string for it.

However most modern password attributes are blocking this from SQL injections where a playfully named user "Drop Table" does not cause any harm

[–] [email protected] 10 points 1 year ago

\t is your best shot. For good measure, you'll also want to add double quotes (can be used to escape commas in CSVs), double double quotes, back slashes, and |s, just to mess with anyone trying to sanitize a CSV with your password in it.

load more comments (1 replies)

[+] [email protected] 23 points 1 year ago* (last edited 3 weeks ago) (5 children)

[deleted]

[–] [email protected] 5 points 1 year ago

While on the topic, this isn't how passwords work in systems.

Passwords are stored as one way hashes. So it's cryptoed only in one direction, it's lossy, and can't be recovered back to the original password.

When you log on, your cleartext PW is hashed in ephemeral memory/storage and then the cleartext password is thrown away.

That hash is compared to the hash in the DB. If the hash matches, then you have access. If it doesn't, then your PW is incorrect.

Oh my sweet Summer Child. This is definitely how it's supposed to work, but there are plenty of services that just don't know what the fuck they're doing.

Have you ever been on a site that has a stupid-low character limit for a password? There's literally no reason to do that, all the hashes are going to end up the same size in the DB anyway regardless of the original string length. Even bcrypt's max secret character limit is 70-something characters.

Ever change a password and have it not work on the next login because they're silently truncating it after a certain character limit? Ever get an email with an actual password in it?

The only reason you would do things like this is if you're storing/processing passwords in plaintext and not hashing it client-side first.

I can think of 3 offenders of this off the top of my head. It's a lot more common than you'd think.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Even if it's hashed, some systems still use unsalted MD5 which is effectively just as bad as plain text.

I don't understand it. Argon2id has been around for nearly 10 years at this point, scrypt for 15, PBKDF2 for 20 and bcrypt for 25. It's not hard.

[–] [email protected] 15 points 1 year ago* (last edited 1 year ago) (2 children)

cryptoed

Unless you were looking for a sick rhyme for tiptoed, try encrypted.

[–] [email protected] 9 points 1 year ago (1 children)

Encryption is inherently reversible though. Hashing is the most accurate term to describe it

[–] [email protected] 30 points 1 year ago (1 children)

Sure, but the comic isn't talking about legit password usage systems. It's talking about how a comma could break the csv formatting of a csv file that came from a data breach and dump.

[–] [email protected] 92 points 1 year ago (2 children)

It's now how passwords work in good systems

[–] [email protected] 5 points 1 year ago

And there are plenty of bad systems, especially in this fail fast BS paradigm clueless idiots like to use. We know because they keep getting hacked (looking at you, lastpass!)

Yes, I'm a waterfall guy - get off my lawn!

load more comments