undefined | Better HN

0 points0942v865310y ago0 comments

Maybe 1 or 2 KB, max. 20 million characters is a ridiculous password to remember.

0 comments

That's not the point - the difference between 2 KB and 20 MB is purely a detail. You said:

  > If you're not sending 20 megs of data,
  > you're not getting 20 megs of security.
  > So why allow it if it doesn't add anything?

You could just as equally say:

  > If you're not sending 2 KB of data,
  > you're not getting 2 KB of security.
  > So why allow it if it doesn't add anything?

Your point is the same, and it's still wrong. What you're getting is not the security - that's only half the story. My point is that is does add something, it's just that the something it adds isn't the entropy for the purpose of security.

j / k navigate · click thread line to collapse

0 comments

ColinWright10y ago

That's not the point - the difference between 2 KB and 20 MB is purely a detail. You said:

  > If you're not sending 20 megs of data,
  > you're not getting 20 megs of security.
  > So why allow it if it doesn't add anything?

You could just as equally say:

  > If you're not sending 2 KB of data,
  > you're not getting 2 KB of security.
  > So why allow it if it doesn't add anything?

j / k navigate · click thread line to collapse