<p>./ <span class="h-card" translate="no"><a href="https://mastodon.social/@whitequark" class="u-url mention">@<span>whitequark</span></a></span> </p><p>The "thirteen cases" punchline here interests you, as a leading historian of USB Bulk Only Transport (BOT/BBB != CBI)<br />?</p><p>> > > Okta allowing login bypass for any usernames with 52+ characters</p><p>> > I tend to be sympathetic with coders who introduce bugs, having introduced my share. Getting all the edge cases right can be hard.<br />> > <br />> > But every now and then a bug comes along that makes me think "How in the hell could this have possibly happened?"</p><p>> the bcrypt hash function ignores input above a certain length! so if you do bcrypt(username || password) for some reason, a sufficiently long username will make it accept any password<br />><br />> to fix this you can sha256 the input first</p><p>=></p>
