“Substitute any special characters with an asterisk.” (opens in new tab)

(twitter.com)

4 pointshodgesmr7y ago2 comments

2 comments

Took me several reads of this to figure out the context, but now I think I understand it.

I think this answers the question about how passwords at what seems to be a large financial firm are stored - after all, there's only one way to know which of the characters in the stored password are special...

surye7y ago

There's a few different ways, if they need to say they store them hashed, maybe they are hashing a T9 version (at severely reduced entropy).

j / k navigate · click thread line to collapse

2 comments

gargravarr7y ago

Took me several reads of this to figure out the context, but now I think I understand it.

surye7y ago

There's a few different ways, if they need to say they store them hashed, maybe they are hashing a T9 version (at severely reduced entropy).

j / k navigate · click thread line to collapse