Page MenuHomeSchine - Phabricator
Create Task
Maniphest T2252

Registry | Registry has a maximum password length of 128 characters
Closed, FinishedPublic
Actions

Description

As the title states, the registry has a maximum password length of 128 characters(tested with just alphanumeric characters). This should either be stated as such, or the limit should be removed.

If non alphanumeric characters are used, that limit might be lowered, if it isn't a character but a byte limit.

Details

Task Type
Bug
Testing Results
Affected Gamemode(s)
none/unspecified
Reproducible
Yes
Category
none/unspecified
Hardware/Software/System
OS-Specific
No
Hardware-Specific
No
Video Card Vendor
uncertain
Steps to reproduce

Create an account or change the password of an existing account, and set the password to some password that is 129 characters long or longer.

Event Timeline

AndyP shifted this object from the S1 Public space to the S7 Registry space.Feb 25 2017, 12:33 AM
AndyP changed the visibility from "Custom Policy" to "Public (No Login Required)".
AndyP changed the edit policy from "Task Author" to "Starmade (Project)".
AndyP moved this task from New / Unconfirmed to Confirmed on the Issue Navigation board.
AndyP changed the task status from Open to In Queue (Registry).
AndyP claimed this task.
Restricted Application edited projects, added Registry Development; removed Issue Navigation. · View Herald TranscriptFeb 25 2017, 12:33 AM
AndyP added a comment.Feb 25 2017, 12:36 AM

I am not sure if there is some type of spam-protection to fight brute force attacks.
But a length 128 mix of upper and lowercase chars + numbers should already deliver a quite high entropy.
However, sure, if special characters could be made possible, that may help with security.

calani added a subscriber: calani.Mar 6 2017, 7:40 PM

While I haven't tested unicode characters, it's very highly unlikely that it's a byte limit.

calani added a comment.Mar 6 2017, 7:47 PM

The password update page now states the valid password length range, and displays an error notification for invalid lengths.

calani changed the task status from In Queue (Registry) to Resolved.Mar 6 2017, 7:47 PM
Restricted Application edited projects, added Quality Assurance; removed Registry Development. · View Herald TranscriptMar 6 2017, 7:47 PM
lancake shifted this object from the S7 Registry space to the Restricted Space space.Mar 12 2017, 2:14 PM
lancake added a subscriber: lancake.
This comment was removed by lancake.
lancake moved this task from Backlog / Unclassed to Confirmed fix on the Quality Assurance board.Mar 22 2017, 12:32 AM

-QA Testing-

Fix confirmed, will report the unrelated issue(s) in different tasks.

lancake added a subscriber: AndyP.Mar 22 2017, 12:46 AM
lancake claimed this task.
lancake shifted this object from the Restricted Space space to the S7 Registry space.Mar 29 2017, 11:20 AM
lancake moved this task from Unclassed to Archived on the Starmade board.Mar 29 2017, 1:17 PM
lancake closed this task as Closed.Apr 28 2017, 1:23 PM
Restricted Application removed a project: Quality Assurance. · View Herald TranscriptApr 28 2017, 1:23 PM
Restricted Application removed a subscriber: AndyP. · View Herald Transcript