Comment

Comment on In the latest Windows 11 preview build, Microsoft removed the “bypassnro” command, which let users skip signing into a Microsoft Account when installing Windows.

eronth@lemmy.world ⁨1⁩ ⁨week⁩ ago

I use that command partially because Microsoft accounts don’t allow passwords as long as the password I like to use for my PC

source

Sort:hotnew top

nutsack@lemmy.dbzer0.com ⁨1⁩ ⁨week⁩ ago
are you a horse battery staple wizard

source
- eronth@lemmy.world ⁨1⁩ ⁨week⁩ ago
  Basically. It’s essentially a full-on sentence and last time I looked, Microsoft allowed about half the character length.
  
  source
  - Senal@programming.dev ⁨1⁩ ⁨week⁩ ago
    Well, at least they aren’t pretending to accept longer passwords but actually truncating it, like they used to in hotmail and live.
    
    They were silently truncating the passwords to something like the first 16 characters, the rest was ignored.
    
    source
- DJDarren@sopuli.xyz ⁨1⁩ ⁨week⁩ ago
  Correct
  
  source
  - nutsack@lemmy.dbzer0.com ⁨1⁩ ⁨week⁩ ago
    my man
    
    source
Buddahriffic@lemmy.world ⁨1⁩ ⁨week⁩ ago
Which suggests to me that MS stores plaintext passwords. Because a hash function doesn’t care about the length of what it’s hashing, the output will always be the same length, so they could verify a 300 character password with the same storage space as a 3 character password.

source
- capybara@lemm.ee ⁨1⁩ ⁨week⁩ ago
  Not how it works. You don’t attempt to guess the hashed password, you guess a password which then is hashed
  
  source
  - Buddahriffic@lemmy.world ⁨1⁩ ⁨week⁩ ago
    What’s stored is hash(password). Then the password check is stored == hash(entered).
    
    Hash(x) will be the same length, regardless of what x is. What that length is depends on which hash function it is. So the database can set the length of its storage for each user’s password to the length of the hash and the hash function will take any size password.
    
    source
oysterenjoyer@sh.itjust.works ⁨1⁩ ⁨week⁩ ago
Genuine question:

What’s the point of a long password on Windows? I understand that you sometimes don’t want people accessing your stuff, but at it takes to bypass that and someone access your files is booting off of a USB stick. Or do you perhaps use full disk encryption?

source
- FauxLiving@lemmy.world ⁨1⁩ ⁨week⁩ ago
  Most people are more worried about remote attackers than someone physically putting hands on their PC. But, yes, you should pretty much without exception be using full disk encryption.
  
  It’s very assholish of Microsoft to lock bitlocker behind the Pro license.
  
  source
- eronth@lemmy.world ⁨1⁩ ⁨week⁩ ago
  It’s mostly my penchant for longer passwords in general. I did not plan to swap up strategies for my personal PC login account. Seeing microsoft demand a shorter password than I use almost everywhere else was… not promising.
  
  source