
That's better, but still horribly broken. SHA1 and MD5 simply aren't adequate for secure passwords; they are still broken too quickly. You should use bcrypt. http://codahale.com/how-to-safely-store-a-password/ explains why, and links to implementations of bcrypt in many environments/languages (in the opening when he says "Use bcrypt" a hundred times).


Thanks. I had something like that in mind, but didn't know what it was called.



