Just take the string as bytes and hash it ffs

  • aname@lemmy.one
    link
    fedilink
    English
    arrow-up
    6
    ·
    2 months ago

    Usually 256 bit hash is used. 256 bits is 32 bytes or 32 characters. Of course you are losing some entropy because character set is limited, but 32 characters is beyond reasonable anyway.

    • Showroom7561@lemmy.ca
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      I’d be totally fine woth 32 characters! But I’ve come across too many websites with unreasonably short (20 characters or less) limits.

    • Lojcs@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      2 months ago

      The eff passphrase generator has about 2.5 bits of entropy per character (without word separators). Eff recommends 6 word passphrases, and with an avg word length of 7, that’s (only) 79.45 bits of entropy that won’t even fit in the 32 characters. If there wasn’t a password length limit it would be possible to saturate the hash entropy with a 20+ word & 102+ char passphrase.

      • aname@lemmy.one
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        Of course, but that’s because you are using a passphrases. Passwords have a much hogher entropy.