# I am the Watcher. I am your guide through this vast new twtiverse.
#
# Usage:
# https://watcher.sour.is/api/plain/users View list of users and latest twt date.
# https://watcher.sour.is/api/plain/twt View all twts.
# https://watcher.sour.is/api/plain/mentions?uri=:uri View all mentions for uri.
# https://watcher.sour.is/api/plain/conv/:hash View all twts for a conversation subject.
#
# Options:
# uri Filter to show a specific user's twts.
# offset Start index for query.
# limit Count of items to return (going back in time).
#
# twt range = 1 26
# self = https://watcher.sour.is/conv/3jlu4sa
Schneier's short post on why he hates password rules resonates deeply with me. I use a password manager too, and have it set to generate really inhuman passwords. Coming across sites wanting to bind me to their own rules, arguably for _"my own protection"_, pisses me off.
@fastidious Fully agree on that. Luckily, I only rarely come across websites where my `pwgen -sy 32` is not accepted. But I also try to avoid creating accounts everywhere.
@fastidious The best sites are those that silently truncate passwords … 🤣 Mine are usually 64 characters long and that’s too much for some pages …
@movq Truncating passwords!? Holy moly, never seen this so far.
@lyse I also try to avoid creating accounts everywhere. I am really rather selective. My password manager is set just like @movq's passwords, at 64 characters, with a blend of alphanumeric and symbols.
@movq those websites that silently truncate are the least harmful. At least they don't constantly bitch and moan about your password not being perfect, according to their standards. 🤣
@lyse Actually it’s frighteningly common 😥 Password database fields of a fixed length 🤦‍♂️
@prologic One would think that a maximum length shouldn't matter at all, since it's going to be hashed anyways and hashes are all the same length. Or at least that is my hope. I'm so naive… :-D
@lyse You _do_ realize of course that there are numerous systems out there that _still_ to this day store passwords in the clear, right? 😂 Shocking, I know 🤦‍♂️
@prologic Yes, they all need to be burned down thoroughly.
@lyse I can think of one use case for “password truncation”: Avoid DoS. There should be *some* limit to prevent you from using a base64 encoded 5 GB video file as a password. (Of course, that limit could be something like 1024 bytes instead of 20 bytes …)
@movq You can always use a 5GB video file if the UI hashes it with SHA512 before posting to the server.
@movq @xuu I see, the 5 GB video password seems like a superior strategy!
@lyse there was an old tool for encrypted volumes that you could use random files as the unlock keys. And you could have multiple hidden volumes that would unlock depending on the files supplied