
They should be storing a salted hash, not the actual passwords, so the content of the password shouldn't matter.

No, they should be using bcrypt. You didn't think you'd get away with this by posting after tptacek's bedtime, did you?



md5, sha, blowfish, bcrypt... name your pick. i didn't mention a specific algorithm. either way, you're still not saving the password to a database.
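As an added illustration of the thread's point (not code from any commenter or from the site being discussed): with a salted, deliberately slow hash, the stored record has the same shape whatever characters or length the password has. PBKDF2-HMAC-SHA256 from Python's standard library stands in for bcrypt here, since bcrypt needs a third-party package; the record format, function names and iteration count are assumptions of this example.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware
SCHEME = "pbkdf2_sha256"  # hypothetical record tag, lets the scheme be upgraded later

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'scheme$iterations$salt$hash'; the password itself is never stored."""
    salt = os.urandom(16)  # fresh random salt per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    return f"{SCHEME}${iterations}${b64(salt)}${b64(dk)}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_b64, dk_b64 = record.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iters))
    except ValueError:  # malformed record: wrong field count, bad base64, bad int
        return False
    return hmac.compare_digest(dk, expected)

# Constructed sample passwords: quotes, SQL metacharacters, non-ASCII, very long.
SAMPLES = ["hunter2", "it's \"quoted\"", "'; DROP TABLE users;--", "pässwörd-密码", "x" * 1000]

def record_lengths(passwords, iterations: int = ITERATIONS) -> set:
    """Lengths of the stored records; one value means content did not matter."""
    return {len(hash_password(p, iterations)) for p in passwords}

if __name__ == "__main__":
    for pw in SAMPLES:
        rec = hash_password(pw)
        print(len(rec), verify_password(pw, rec), rec[:40] + "...")
```

The database column only ever holds base64 and digits, so there is no reason to restrict which characters a user may put in a password.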



