
I don't get it. Is there a reason for some sites to actually do that? (considering that they don't store your password as plaintext)

I guess if someone stole their database it would be impossible to know your real password, but still...

Or am I missing something here?




Some sites lowercase all passwords after they are input to "help" users who hit caps lock or are otherwise challenged by case sensitivity. Then you have DES crypt (as once used by Gawker), which only uses the first 8 characters of the password. A site which uses either or both of these methods may happily let you type in a password of any length or complexity, but the version they use will have significantly lower entropy. I've even seen sites silently strip special characters.
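
An added example, not part of the original comment: a Python check that probes a login verifier, for an account you control, for the three normalizations described above (case folding, an ignored tail as with DES crypt's 8-character limit, and stripped special characters). `make_verifier`, `weak_normalize` and the sample password are constructed stand-ins, not any real site's code.

```python
import hashlib
import hmac
import string

# Constructed sample: mixed case and a special character inside the first 8 chars.
SAMPLE = "Tr!ckyPa55-Horse-Battery"

def weak_normalize(pw: str) -> str:
    """Hypothetical backend: lowercase, strip non-alphanumerics, keep 8 chars."""
    return "".join(c for c in pw.lower() if c.isalnum())[:8]

def make_verifier(stored_pw: str, normalize=lambda p: p):
    """Build verify(candidate) -> bool for a simulated backend.
    SHA-256 is only a comparison stand-in here, not a recommended password hash."""
    stored = hashlib.sha256(normalize(stored_pw).encode()).digest()
    def verify(candidate: str) -> bool:
        cand = hashlib.sha256(normalize(candidate).encode()).digest()
        return hmac.compare_digest(cand, stored)
    return verify

def audit_normalization(verify, password: str) -> dict:
    """Submit variants a strict backend must reject; True means it was accepted."""
    if not verify(password):
        raise ValueError("baseline password must be accepted")
    if len(password) < 9 or not password[-1].isalnum():
        raise ValueError("use a 9+ character password ending in a letter or digit")
    first8 = password[:8]
    if first8 in (first8.lower(), first8.upper()) or not any(
            c in string.punctuation for c in first8):
        raise ValueError("first 8 chars need mixed case and a special character")
    # Each probe changes exactly one property so the findings stay independent.
    new_last = "0" if password[-1] != "0" else "1"
    probes = {
        "case_insensitive": password.swapcase(),
        "tail_ignored": password[:-1] + new_last,  # DES crypt drops chars past 8
        "specials_stripped": "".join(
            c for c in password if c not in string.punctuation),
    }
    return {name: verify(variant) for name, variant in probes.items()}

if __name__ == "__main__":
    for label, norm in [("strict", lambda p: p), ("lowercase", str.lower),
                        ("first 8 only", lambda p: p[:8]), ("all three", weak_normalize)]:
        print(label, audit_normalization(make_verifier(SAMPLE, norm), SAMPLE))
```

Any `True` in the result means the password actually being checked carries less entropy than the one the user typed.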


> I don't get it. Is there a reason for some sites to actually do that?

Yes it's to save space ...

No, wait.

It's so they don't use all the CPU power ...

No, not that either.

It's because the programmer didn't want to use their brain cells.

Yeah, that would be it.



