Just take the string as bytes and hash it ffs

  • Eiri@lemmy.worldEnglish
    34·
    24 days ago

    You remind me of my bank about 17 years ago. Everyone had to have a 10-character password, exactly, and it had to include exactly 2 numbers and 1 symbol. I wasn’t very knowledgeable about computers at the time and it already felt dumb.

    • Wogi@lemmy.worldEnglish
      21·
      24 days ago

      A few years ago my ISP pushed an update to my router that changed the password requirements, invalidating my passwords. Because I couldn’t enter the old password I also couldn’t change the password. I had to do a factory reset.

      • Glitterbomb@lemmy.worldEnglish
        2·
        23 days ago

        ISP worker here. Our chosen routers default to an 8 digit password, the first 4 are the last 4 of the mac in hex, which anyone can easily see being broadcast by the wifi network. The last 4 are a part of a unique serial number, but its just 0-9. Ultimately, if you try to brute force this default password, you need 10000 tries. It takes a regular GPU 2 minutes with hashcat. It baffles my mind that companies think this is OK.

    • ByteOnBikes@slrpnk.netEnglish
      7·
      24 days ago

      17 years ago, jeez. My credit Union’s website is like that. Only its between 8-12 characters. No more, no less.

      It’s terrifying.

    • yamanii@lemmy.worldEnglish
      2·
      24 days ago

      Those cases where an english word gets absorbed even though no one from the origin talks like that. It’s also informally called underline here in Brazil lol.

  • guy_threepwood@lemmy.worldEnglish
    14·
    25 days ago

    I had one of those “fancy” Vodafone routers included with my broadband which had a stupid rule set on choosing the WiFi password. It’s my network, not yours, stupid router. It can be as insecure as I want.

    Anyway the rules were enforced by the JavaScript so it was easy to bypass until I got my own router to replace it with.

    • infeeeee@lemm.eeEnglish
      7·
      25 days ago

      It’s important to note, that these things are designed for the average user. If you want to change the wifi password, you are by far not an average user. Most users just plugs in and never even think about that, and the number of that kind of users are several order of magnitude higher than the conscious ones. For them it’s much more secure to set a random pw. If you let them select a password they will choose 12345 or password.

      If you know what you are doing usually it’s better to buy your own router where you can change everything the way you like.

  • Machefi@lemm.eeEnglish
    9·
    25 days ago

    Assuming we can use both lower- and uppercase letters (52 in total), with the ten digits and the underscore that gives us 63 characters to work with. A random 16-character combination of these gives us 95 bits of entropy (rounding down), which is secure enough by modern standards, at least for a home router.

    Regardless, I understand the frustration of arbitrary limitations preventing you from choosing a secure password in a way that you’re comfortable with.