this post was submitted on 13 Jun 2023
Mlem for Lemmy
Official community for Mlem, a free and open-source iOS Lemmy client.
The web UI trims passwords to 60 characters. I assume Mlem doesn’t and the API doesn’t either or just flat out rejects the request if the password is too long.
Wow, trimming passwords without telling the password owner is a terrifying behavior.
Also, having a password limit at less than 256 chars is silly in the modern world of password managers, and even 256 is a completely arbitrary limit I pulled out of my ass.
Why does the Lemmy platform require short passwords, I wonder? Nobody with any sense of modern, or even outdated decades ago, sense of security stores passwords raw anymore, and hasn’t forever because it was recognized as a terrible idea and a bad pattern decades ago.
I mean there needs to be a limit, because hashing a password is, by design, resource intensive. Also, Lemmy uses bcrypt for password hashing which supports up to 72 bytes, so the limit can't be any higher than that. It should probably be indicated somewhere though, I agree. I was also caught off guard by it but realistically 60 characters is more than enough... it's more entropy than the hash you get out of it, if it's random.
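The two limits mentioned in this thread (a 60-character trim in the web UI and a 72-byte bcrypt input), as an added Rust example that is not part of any comment and is not Lemmy's or Mlem's code. All function and type names are hypothetical, and the 72-byte cut is modelled as a plain slice rather than a call into a bcrypt library. It shows that silent trimming makes two different passwords identical, that 60 characters can exceed 72 bytes, and what rejecting with an explicit error looks like instead.

```rust
// Limits as stated in the thread; everything else here is a constructed illustration.
const UI_MAX_CHARS: usize = 60; // web UI trims to 60 characters
const BCRYPT_MAX_BYTES: usize = 72; // bcrypt uses at most 72 bytes of input

#[derive(Debug, PartialEq)]
enum PasswordError {
    TooManyChars { chars: usize },
    TooManyBytes { bytes: usize },
}

/// Models a client that silently keeps only the first 60 characters.
fn silent_trim(pw: &str) -> String {
    pw.chars().take(UI_MAX_CHARS).collect()
}

/// Models the bytes that would actually reach the hash: the first 72 bytes.
fn bcrypt_effective_input(pw: &str) -> &[u8] {
    let bytes = pw.as_bytes();
    &bytes[..bytes.len().min(BCRYPT_MAX_BYTES)]
}

/// Hypothetical policy check: reject over-long input and say why, never trim.
fn check_password(pw: &str) -> Result<(), PasswordError> {
    let chars = pw.chars().count();
    if chars > UI_MAX_CHARS {
        return Err(PasswordError::TooManyChars { chars });
    }
    let bytes = pw.len(); // UTF-8 byte length, which is what the hash sees
    if bytes > BCRYPT_MAX_BYTES {
        return Err(PasswordError::TooManyBytes { bytes });
    }
    Ok(())
}

fn main() {
    // Constructed sample passwords that differ only after character 60.
    let a = format!("{}tail-one", "x".repeat(60));
    let b = format!("{}tail-two", "x".repeat(60));
    println!("trimmed forms equal: {}", silent_trim(&a) == silent_trim(&b));
    println!("explicit check on a: {:?}", check_password(&a));

    // 60 two-byte characters pass a character count but not a byte count.
    let wide = "é".repeat(60);
    println!("wide: {} chars, {} bytes", wide.chars().count(), wide.len());
    println!("bytes hashed: {}", bcrypt_effective_input(&wide).len());
    println!("explicit check on wide: {:?}", check_password(&wide));
}
```
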