
Doing this reduces the space of characters way more and reduces security.


It reduces the password strength by at most two bits. For passwords made solely of non-letters there is no reduction in password strength.


It's one bit per alphabetic character, isn't it?


No, it's only one bit for the first character and one for the second. The case of every other character is maintained relative to the second character, so the parity there provides the one bit of information for each subsequent alphabetic character.


Whoops, I didn't notice that the two L's were still capitalized in the normalization example a few comments up.


*and one for the caps lock key


It reduces the space of passwords just as much as having the backend try those same combinations for every query.



