Anna Anthro12h ago

Apple update turns Czech mate for locked-out iPhone user

“A 21-yr-old university student in the US is in data limbo after #Apple removed a character from its #Czech keyboard, preventing him from entering his #iPhone passcode.”

https://www.theregister.com/2026/04/12/ios_passcode_bug/

Apple update looks like Czech mate for locked-out iPhone user

: Lock-screen keyboard no longer accepts háček in student's alphanumeric passcode

The Register
Show threadRadek Průša8h ago

@AnnaAnthro I'm a native Czech speaker, and I've seen so many strange issues when using accented characters (ú,ů,ý,ž,ř,č,ó, etc.) in passwords. The worst kind is when the service says that my password was changed successfully, then I go to try and login, and get errors because the password hashing process made some changes to the password because of the accented characters, and I have to reset it.

Some services also silently truncate passwords over 56 and 72 characters.

Show threadRadek Průša
@AnnaAnthro I don't know all that much about password hashing algorithms, but I have a theory that some hashing algorithms might turn a character like "č" into some other representation like punycode "xn--bea", which might make the password character counter on some websites get a count different from the hashing algorithm, which would then silently truncate my passwords when they go over the upper character limit. Instagram has been having issues like this since like 2016.
5:39pmWeb
Show threadAnna Anthro7h ago
@prusa Really interesting stuff.
Show threadRadek Průša7h ago
@AnnaAnthro I put this theory together after reading an article (https://soatok.blog/2024/11/27/beyond-bcrypt/) about bcrypt, and started thinking that since most sites have a max allowed length for passwords to prevent a DOS from having to hash extremely long passwords, they might only enfore the max length on the password form, and not the hashing and salting process.
Beyond Bcrypt - Dhole Moments

In 2010, Coda Hale wrote How To Safely Store A Password which began with the repeated phrase, “Use bcrypt”, where the word bcrypt was linked to a different implementation for various pr…

Dhole Moments