
It'll be troublesome to fix this since any change will invalidate all existing passwords.


Fixed and unfixed versions, no?

I usually include a verbose, independent scheme string next to encrypted db columns, so a) data is self-documenting for future owners, providing fair detail to work around forward breakage/compatibility, and b) multiple methods can live in the database during upgrades.
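
The scheme-tag column described in this comment, as an added example that is not code from the thread or from any bcrypt implementation. bcrypt is not in the Python standard library, so two PBKDF2-HMAC-SHA256 parameter sets (hypothetical tags `pbkdf2-sha256-v1` and `pbkdf2-sha256-v2`, with constructed iteration counts) stand in for the "unfixed" and "fixed" hash versions the thread discusses. The point the example makes is the one raised later in the thread: the tag lives in its own column and is chosen by the application, so it can distinguish two versions even when the hash string itself would carry the same `$2a$12$` prefix, and rows stored under the old tag are rehashed on the next successful login instead of being invalidated.

```python
"""Scheme-tagged password hash records with rehash-on-login.

Added example, not code from the thread. Scheme names and iteration counts
are constructed for illustration; a real deployment would register its
actual bcrypt/scrypt/argon2 variants under the same kind of tag.
"""
import base64
import hashlib
import hmac
import os

# Hypothetical scheme registry: explicit tag -> PBKDF2 iteration count.
# Two entries stand in for an "unfixed" and a "fixed" hash version that could
# otherwise be indistinguishable from the hash string's own prefix.
SCHEMES = {
    "pbkdf2-sha256-v1": 50_000,    # constructed: legacy / unfixed scheme
    "pbkdf2-sha256-v2": 150_000,   # constructed: current / fixed scheme
}
CURRENT_SCHEME = "pbkdf2-sha256-v2"


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 32-byte key; the scheme tag decides the iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=32)


def hash_password(password: str, scheme: str = CURRENT_SCHEME) -> dict:
    """Return a row with separate scheme, salt and digest columns."""
    if scheme not in SCHEMES:
        raise ValueError(f"unknown scheme {scheme!r}")
    salt = os.urandom(16)
    digest = _derive(password, salt, SCHEMES[scheme])
    return {
        "scheme": scheme,
        "salt": base64.b64encode(salt).decode("ascii"),
        "digest": base64.b64encode(digest).decode("ascii"),
    }


def verify_password(password: str, record: dict) -> bool:
    """Verify against whichever scheme the row says it was stored under."""
    scheme = record["scheme"]
    if scheme not in SCHEMES:
        # Retired or unknown tag: fail closed rather than guess a method.
        return False
    salt = base64.b64decode(record["salt"])
    expected = base64.b64decode(record["digest"])
    actual = _derive(password, salt, SCHEMES[scheme])
    return hmac.compare_digest(actual, expected)


def verify_and_migrate(password: str, record: dict) -> tuple:
    """Verify the password; on success, return (True, row) where row has been
    rehashed under CURRENT_SCHEME if it was stored under an older tag.
    The caller persists the returned row, so old rows are upgraded
    one login at a time instead of being invalidated in bulk."""
    if not verify_password(password, record):
        return False, record
    if record["scheme"] != CURRENT_SCHEME:
        return True, hash_password(password)
    return True, record


if __name__ == "__main__":
    legacy_row = hash_password("correct horse battery", "pbkdf2-sha256-v1")
    ok, upgraded = verify_and_migrate("correct horse battery", legacy_row)
    print(ok, legacy_row["scheme"], "->", upgraded["scheme"])
```

Because the tag is independent of the hash string, a retired scheme can be removed from `SCHEMES` to force a reset for any rows that never migrated, and an unknown tag fails closed instead of being verified with whatever method the prefix suggests.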


Does "verbose, independent scheme string" mean:

Have an extra column describing the hashing scheme used for the password?

Isn't that what the $2a$12$ is for?


No, that minimum is exactly what will fail in this case.


It isn't worth fixing this - the likelihood of a hash collision is infinitesimal



