Just take the string as bytes and hash it ffs

  • Wogi@lemmy.world
    link
    fedilink
    English
    arrow-up
    36
    ·
    3 months ago

    A few years ago my ISP pushed an update to my router that changed the password requirements, invalidating my passwords. Because I couldn’t enter the old password I also couldn’t change the password. I had to do a factory reset.

    • JackbyDev
      link
      fedilink
      English
      arrow-up
      20
      ·
      3 months ago

      Feels odd to check the password requirements on the enter password screen in addition to the new password screen.

      • silasmariner
        link
        fedilink
        English
        arrow-up
        3
        ·
        3 months ago

        Might be checking the old password on the new password screen. Easy programming mistake to make I guess? Apply the same validation to all 3 password fields…

        • JackbyDev
          link
          fedilink
          English
          arrow-up
          2
          ·
          3 months ago

          Ahhh, good catch! You are probably a master of code reviews and QA!

    • Glitterbomb@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      ISP worker here. Our chosen routers default to an 8 digit password, the first 4 are the last 4 of the mac in hex, which anyone can easily see being broadcast by the wifi network. The last 4 are a part of a unique serial number, but its just 0-9. Ultimately, if you try to brute force this default password, you need 10000 tries. It takes a regular GPU 2 minutes with hashcat. It baffles my mind that companies think this is OK.