I have been trying for days to log in. No matter what I do, I keep getting “could not connect to [server]”. I tried for days and it didn’t work.

Then I realized. I have a password manager installed, and I let it pick its longest password length (100 characters). I reduced it to 32 characters, and my login immediately worked.

Lemmy itself supports huge passwords, but it seems as if Mlem does not. I do not know how long your password can be before Mlem pukes on its own shoes, but it’s somewhere between 32-100 haha.

  • exal
    2 years ago

    The web UI trims passwords to 60 characters. I assume Mlem doesn’t, and the API doesn’t either or just flat out rejects the request if the password is too long.

    • rubythulhu@beehaw.org (OP)
      2 years ago

      Wow, trimming passwords without telling the password owner is a terrifying behavior.

      Also, having a password limit at less than 256 chars is silly in the modern world of password managers, and even 256 is a completely arbitrary limit I pulled out of my ass.

      Why does the Lemmy platform require short passwords, I wonder? Nobody with any sense of modern, or even outdated decades ago, security stores passwords raw anymore, and hasn’t forever because it was recognized as a terrible idea and a bad pattern decades ago.

      • exal
        2 years ago

        I mean there needs to be a limit, because hashing a password is, by design, resource intensive. Also, Lemmy uses bcrypt for password hashing which supports up to 72 bytes, so the limit can’t be any higher than that. It should probably be indicated somewhere though, I agree. I was also caught off guard by it but realistically 60 characters is more than enough… it’s more entropy than the hash you get out of it, if it’s random.
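
Added example, not part of the thread and not Lemmy's or Mlem's code: it models the mismatch discussed above, where one client trims to 60 characters and another sends the full password, and shows that a character limit is not a byte limit. Assumptions: PBKDF2 stands in for bcrypt, bcrypt is modelled as silently ignoring input past 72 bytes, the account was registered through the trimming client, and the password and salt are constructed.

```python
import hashlib
import hmac

BCRYPT_MAX_BYTES = 72       # bcrypt input limit mentioned in the thread
WEB_UI_MAX_CHARS = 60       # web UI trim length mentioned in the thread
SALT = b"constructed-salt"  # constructed; real systems use a random per-user salt

def stand_in_hash(password: str) -> bytes:
    """Stand-in for bcrypt (assumption): only the first 72 UTF-8 bytes are hashed."""
    seen = password.encode("utf-8")[:BCRYPT_MAX_BYTES]
    return hashlib.pbkdf2_hmac("sha256", seen, SALT, 1000)

def web_ui_trim(password: str) -> str:
    """Silent trim to 60 characters, the behaviour described for the web UI."""
    return password[:WEB_UI_MAX_CHARS]

def login_ok(stored: bytes, submitted: str) -> bool:
    return hmac.compare_digest(stored, stand_in_hash(submitted))

def validate(password: str) -> None:
    """Hardened alternative: reject over-long input with an error, never cut it."""
    n = len(password.encode("utf-8"))
    if n > BCRYPT_MAX_BYTES:
        raise ValueError(f"password is {n} bytes; maximum is {BCRYPT_MAX_BYTES}")

def demo() -> dict:
    # Constructed 100-character ASCII password, as a password manager might emit.
    generated = "".join(chr(33 + (i * 7) % 90) for i in range(100))
    stored = stand_in_hash(web_ui_trim(generated))  # set via the trimming client
    accented = "\u00e9" * 60                        # 60 characters, 2 bytes each
    results = {
        # A client that sends all 100 characters no longer matches the stored hash.
        "full_password_accepted": login_ok(stored, generated),
        "first_60_chars_accepted": login_ok(stored, generated[:60]),
        # 60 non-ASCII characters pass a 60-character check but exceed 72 bytes,
        # so a 36-character prefix (72 bytes) is accepted as the same password.
        "accented_bytes": len(accented.encode("utf-8")),
        "accented_prefix_accepted": login_ok(stand_in_hash(accented), "\u00e9" * 36),
    }
    try:
        validate(generated)
        results["validate_accepts_100_chars"] = True
    except ValueError:
        results["validate_accepts_100_chars"] = False
    return results

if __name__ == "__main__":
    print(demo())
```

Measuring the limit in encoded bytes and returning an error keeps every client and the server agreeing on what the password is.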