Or "let's finish setting up your PC" full screen on a 4 year old system. Then you click through just to find the only options are 1) share more data with Microsoft, or 2) make Edge your default browser. The day I find a decent note taking tablet running Linux, windows is dead to me.
Regardless of the other stuff, deputy spam catcher is and extremely valuable contribution to the community. I have requested this of people on Lemmy and been pleasantly surprised by how willing people are to help.
When you are filling out the web form with your password it's stored plain text in the web browser and accessible via JavaScript. At that point, a JavaScript function checks the requirements like length and then does the salting/hashing/etc and sends the result to the server.
You could probably come up with a convoluted scheme to check requirements server side, but it would weaken the strength of the hash so I doubt anyone does it this way. The down side of the client side checking is that a tenacious user could bypass the password requirements by modifying the JavaScript. But they could also just choose a dumb password within the requirements so it doesn't matter much... "h4xor!h4xor!h4xor!" Fits most password requirements I have seen but is probably tried pretty quickly by password crackers.
Perhaps they validate the passwords client side before hashing. The user could bypass the restrictions pretty easily by modifying the JavaScript of the website, but the password would not be transmitted un-hashed.
It is worth pointing out that nearly any password restriction like this can be made ineffective by the user anyway. Most people who are asked to put a special character in the password just add a ! to the end. I think length is still a good validation though and it runs into the same issue @randombullet@lemmy.world is asking about
Very good response. To see less complaining about Reddit, make more posts about other things. Lemmy will be what we make it. I have spent two weeks posting into the void with the community I started and I'm finally starting to see engagement. These things take time.
Yeah, automatic posts drive me away faster than anything. Good point on cross posting though, I just followed your advice. It's pretty much free if your post fits in multiple places and there are lots of nearly empty communities right now.
Or "let's finish setting up your PC" full screen on a 4 year old system. Then you click through just to find the only options are 1) share more data with Microsoft, or 2) make Edge your default browser. The day I find a decent note taking tablet running Linux, windows is dead to me.