Mastodon does not store passwords in plain text. This is trivial to confirm as Mastodon is an open-source project. We use the bcrypt algorithm for one-way hashing of passwords. I can't believe someone is spreading misinformation about something so trivial to debunk.
The tweet with the misinformation got shared 1395 times, my response 85 times...
@Gargron I'm quite confused since the owner post on blue bird app said that this app is storing passwords in plaintext ... I mean, it's almost impossible since it's easy to get attacked, yet you give us the security details in the documentation.
As a suggestion, would it be helpful to put something about this in the notification section?
lol, anyone that has ever programmed anything with a password knows if you try to view it in the script, it's just a black box, from my experience anyways...
Arisu 🏳️‍🌈, it's a KDF, not a hash function. It serves a different purpose. Password-based key derivation functions usually are deliberately computationally expensive as their output is then used as an encryption key so it's extremely important to protect against brute forcing. Some take literally seconds. Why would you put this much load on a server though?
@grishka because of improved security. i don't know enough about security to say anything, but searching got me to think the security benefits are worth it.
@Gargron I was quite surprised at first, but even though this announcement can make us relieved, could you please ensure that we are able to enjoy this platform? Thanks for the explanation!
@Gargron eugen. just please i don't know anything about code blabla i just want to roleplay happily because twitter sucks.
@vigdis This is not an issue with special characters, nor is it an issue in a true sense of the word. The bcrypt algorithm works on 72 bytes, anything beyond that makes no difference. This is a comparatively arcane topic that is disingenuous to bring up in the context of this thread. If you'd like, you should bring this topic up with the developers of the bcrypt gem or Devise.
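The 72-byte limit described in the reply above, modelled with the Python standard library as an added example (not part of the thread and not Mastodon's, Devise's or the bcrypt gem's code). It does not call bcrypt itself; the sample passwords are constructed, and the `prehash` step is an assumed mitigation that the thread does not mention.

```python
import base64
import hashlib

BCRYPT_MAX_BYTES = 72  # limit stated in the reply above

# Constructed sample inputs: two passwords that differ only after byte 72,
# and a 20-character passphrase whose UTF-8 encoding is 80 bytes.
LONG_A = "a" * 72 + "1"
LONG_B = "a" * 72 + "2"
EMOJI = "\U0001F512" * 20  # each padlock emoji is 4 bytes in UTF-8


def bcrypt_input(password: str) -> bytes:
    """Bytes that can influence the hash: the first 72 of the UTF-8 encoding."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def ignored_bytes(password: str) -> int:
    """Number of trailing bytes that make no difference to the hash."""
    return max(0, len(password.encode("utf-8")) - BCRYPT_MAX_BYTES)


def collide_under_bcrypt(a: str, b: str) -> bool:
    """True when two different passwords present identical input to bcrypt."""
    return a != b and bcrypt_input(a) == bcrypt_input(b)


def prehash(password: str) -> bytes:
    """Assumed mitigation: SHA-256 then base64, so every byte of the password
    affects a fixed 44-byte value that fits under the limit."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest)


if __name__ == "__main__":
    print("long pair collides:", collide_under_bcrypt(LONG_A, LONG_B))
    print("emoji chars / ignored bytes:", len(EMOJI), ignored_bytes(EMOJI))
    print("prehashes differ:", prehash(LONG_A) != prehash(LONG_B))
```

The limit counts bytes, not characters, which is why the 20-character emoji passphrase already loses 8 bytes.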
@Gargron Eugen, please don’t betray us, take care of this platform! If it grows this will become a big platform and will be used by many people, I hope you can protect your user data. Have a nice day!
@Gargron please make this simple because I'm dizzy looking at someone with the same username but a different domain
This is normal - many people here register one or more "alt" accounts on another Mastodon instance in case their main one has to be temporarily closed for maintenance (or for posting in different languages or different things they do).
Usually they are the same person (check the profiles carefully though).
If you look at mine, you can see I am also on chaos.social where I am @vfrmedia
@Tenlee_1001 It works kinda like email, multiple servers exist and including the domain distinguishes them.
@Gargron I JUST WANNA THANK YOU BECAUSE YOU MADE THIS PLATFORM SERIOUSLY I HATE JACK BECAUSE HE ATE MY ACCOUNTS ON TWITTER WITH NO REASON. WE NEED HAPPY PLACE JUST TO ROLEPLAY.
AARRRRGGHHHH THERE ARE SO MANY THOUGHTS I WANT TO SAY.
@Gargron eugen. i wanna say that please just be like this. be fast respond and listen to mastodon user since you are the owner because we need master-nim (?) like that. it is just like you are the king of this platform (?)
what did i just say okay sorry.
@Gargron I was very surprised when I read the fake news. Thank you for confirming that this is not true. Let's do the best development for the app. Cheer up!!
coming back to this thread 30min later.. >.< ...lol, if people ever knew exactly how much information internet giants collected from them they'd be deleting their accounts faster than this rumor was spreading. haha
@Gargron I don't think this is about technical things, this is about envious capitalists because they cannot put ads on this platform
Hello @Gargron thank you for your work 🙂
I trust Open Source Software and I trust you 👍
Thank you for the information (even if the initial fake news didn't come to me)
@Gargron And now you see how misinformation works. People like to be offended more than they like to know the truth.
SCIENCE: Empirical Accxperiment By @Gargron Suggests That A Juicy Untruth May Travel As Quickly As Six Times The Speed Of Truth!
@Gargron you are in the right here. That complaint showed no evidence of compromise being traced back to mastodon.social, and did indicate account and password reuse... which means any of the sites that email was used at could be at fault.
Although it was more likely a drive-by password spray and a weak password that caused his breach... statistically speaking.