Mastodon does not store passwords in plain text. This is trivial to confirm as Mastodon is an open-source project. We use the bcrypt algorithm for one-way hashing of passwords. I can't believe someone is spreading misinformation about something so trivial to debunk.
@Gargron I'm quite confused since the owner post on blue bird app said that this app is storing passwords in plaintext ... I mean, it's almost impossible since it's easy to get attacked, yet you give us the Security details in the documentation.
As a suggestion, would it be helpful to put something about this in the notification section?
@Gargron I was quite surprised at first, but even though this announcement can make us relieved, could you please ensure that we are able to enjoy this platform? Thanks for the explanation!
@Gargron eugen. just please i don't know anything about code blabla i just want to roleplay happily because twitter sucks.
@vigdis This is not an issue with special characters, nor is it an issue in a true sense of the word. The bcrypt algorithm works on 72 bytes, anything beyond that makes no difference. This is a comparatively arcane topic that is disingenuous to bring up in the context of this thread. If you'd like, you should bring this topic up with the developers of the bcrypt gem or Devise.
@Gargron Eugen, please don’t betray us, take care of this platform! If it grows this will become a big platform and will be used by many people, I hope you can protect your user data. Have a nice day!
@Gargron please make this simple because I'm dizzy looking at someone with the same username but a different domain
This is normal - many people here register one or more "alt" accounts on another Mastodon instance in case their main one has to be temporarily closed for maintenance (or for posting in different languages or different things they do).
Usually they are the same person (check the profiles carefully though).
If you look at mine, you can see I am also on chaos.social where I am @vfrmedia
@Tenlee_1001 It works kinda like email, multiple servers exist and including the domain distinguishes them.
@Gargron I JUST WANNA THANK YOU BECAUSE YOU MADE THIS PLATFORM SERIOUSLY I HATE JACK BECAUSE HE EAT MY ACCOUNTS ON TWITTER WITH NO REASON. WE NEED HAPPY PLACE JUST TO ROLEPLAY.
AARRRRGGHHHH THERE ARE SO MANY THOUGHTS I WANT TO SAY.
@Gargron eugen. i wanna say that please just be like this. be fast respond and listen to mastodon user since you are the owner because we need master-nim (?) like that. it is just like you are the king of this platform (?)
what did i just say okay sorry.
@Gargron I was very surprised when I read the fake news. Thank you for confirming that this is not true. Let's do the best development for the app. Cheer up!!
@Gargron I don't think this is about technical things, this is about envious capitalists because they cannot put ads on this platform
Hello @Gargron thank you for your work 🙂
I trust Open Source Software and I trust you 👍
Thank you for the information (even if the initial fake news didn't come to me)
@Gargron And now you see how misinformation works. People like to be offended more than they like to know the truth.
SCIENCE: Empirical Accxperiment By @Gargron Suggests That A Juicy Untruth May Travel As Quickly As Six Times The Speed Of Truth!
@Gargron you are in the right here. That complaint showed no evidence of compromise being traced back to mastodon.social, and did indicate account and password reuse... which means any of the sites that email was used at could be at fault.
Although it was more likely a drive-by password spray and a weak password that caused his breach... statistically speaking.
@Gargron This is particularly sad for me as this huge difference could happen without the help of a recommender system. I always thought that ok, there is human behavior but we also need ML to magnify it so much. However, it was blown here quite well without it.
@gerazo No, I meant tweet when I said tweet. The misinformation and my response I'm talking about are on Twitter.
@Gargron Ohh, thanks. That sounds much better!
In this case, it was just the normal way of a recommender blowing up stuff. I wonder how big the original human response could be. I have a feeling that it is not even necessarily larger: it just comes earlier because we are motivated to click on more dangerous, cognitively more challenging things first before the convenient reassurance.
You are presuming a few things there
a) folks know how to read the code
b) understand what bcrypt is
c) instances are free of modification
But yeah. FOSS makes it harder to hide secrets