Tony Arcieri / @[email protected]: Pretty much all versions of bcrypt are vulnerable to second preimage attacks because they truncate the input to the first 72 bytes, meaning the hashes for messages longer than that will collide.

This resulted in a login bypass against Okta.

https://www.theverge.com/...

Thirty-six years almost to the day after the release of the Morris Worm, OKTA announces they've just patched a bug where you can just log in with no password if your username is too long.

Could we please, before the Morris Worm turns forty years old, make a habit of, god help us all maybe even a standard practice of, sanitizing our inputs. ...
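
Added example, not part of the original posts: a small model of the 72-byte truncation described above, next to two guards against it. bcrypt is not in the Python standard library, so PBKDF2 stands in for it after the truncation step; the function names, the username + password input layout and all sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac

BCRYPT_MAX = 72  # bcrypt uses only the first 72 bytes of its input

def bcrypt_like(data: bytes, salt: bytes) -> bytes:
    """Stand-in for bcrypt (assumption: PBKDF2 replaces the real KDF).
    Only the 72-byte truncation is modelled faithfully."""
    return hashlib.pbkdf2_hmac("sha256", data[:BCRYPT_MAX], salt, 1000)

def naive_key(username: str, password: str, salt: bytes) -> bytes:
    """Unsafe: hashes username + password directly, so a long username
    pushes the password past byte 72 and out of the hash."""
    return bcrypt_like((username + password).encode(), salt)

def strict_key(username: str, password: str, salt: bytes) -> bytes:
    """Mitigation 1: refuse any input bcrypt would silently truncate."""
    data = (username + password).encode()
    if len(data) > BCRYPT_MAX:
        raise ValueError("input exceeds 72 bytes; bcrypt would truncate it")
    return bcrypt_like(data, salt)

def prehashed_key(username: str, password: str, salt: bytes, pepper: bytes) -> bytes:
    """Mitigation 2: compress with HMAC-SHA256 first. Fields are
    length-prefixed so they cannot run together; base64 keeps the digest
    free of NUL bytes and at 44 bytes, under the limit."""
    msg = b"".join(len(f).to_bytes(4, "big") + f
                   for f in (username.encode(), password.encode()))
    digest = hmac.new(pepper, msg, hashlib.sha256).digest()
    return bcrypt_like(base64.b64encode(digest), salt)

def demo() -> dict:
    salt, pepper = b"constructed-salt", b"constructed-pepper"
    long_user = "u" * 80  # constructed username, longer than 72 bytes
    try:
        strict_key(long_user, "correct horse", salt)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "naive_collides": naive_key(long_user, "correct horse", salt)
                          == naive_key(long_user, "wrong", salt),
        "strict_rejects": rejected,
        "prehash_collides": prehashed_key(long_user, "correct horse", salt, pepper)
                            == prehashed_key(long_user, "wrong", salt, pepper),
    }

if __name__ == "__main__":
    print(demo())
```

The length check is the simpler control when inputs can be bounded; the pre-hash variant suits inputs that may legitimately exceed 72 bytes.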