
The purpose of a blacklist is multifold - to reduce the efficiency of an offline attack, in which the hashes are stolen and can be attacked at high speeds without rate limiting - as well as an online attack.


Sure, and 10k will do fine; otherwise “! I thh Cher;457?:25?//(5 we” is going to suck for your user login story.

Maybe salt your passwords, use some stretches, and a decent algorithm instead of MD5, SHA1, etc.

Also stay up on algorithms and roll your users over to new ones over time.
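An added example, not part of the thread: one way to do the salting, stretching and "roll users over" steps mentioned above is to re-hash at login, when the plaintext is briefly available. The record format `scheme$iterations$salt$hash`, the function names, the legacy salted SHA-1 layout and the 600,000-iteration work factor are all assumptions made for this sketch.

```python
import hashlib
import hmac
import os

CURRENT_SCHEME = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000  # assumed work factor; tune to your hardware

def _derive(scheme, iterations, salt, password):
    pw = password.encode("utf-8")
    if scheme == "sha1":  # legacy: one round of salted SHA-1, verify-only
        return hashlib.sha1(salt + pw).digest()
    if scheme == "pbkdf2_sha256":  # stretched: many HMAC-SHA-256 rounds
        return hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)
    raise ValueError(f"unknown scheme: {scheme}")

def hash_password(password):
    salt = os.urandom(16)  # unique random salt per record
    digest = _derive(CURRENT_SCHEME, CURRENT_ITERATIONS, salt, password)
    return f"{CURRENT_SCHEME}${CURRENT_ITERATIONS}${salt.hex()}${digest.hex()}"

def needs_rehash(record):
    scheme, iterations, _, _ = record.split("$")
    return scheme != CURRENT_SCHEME or int(iterations) < CURRENT_ITERATIONS

def verify_and_upgrade(password, record):
    """Return (ok, new_record); new_record is None unless the hash was upgraded."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    candidate = _derive(scheme, int(iterations), bytes.fromhex(salt_hex), password)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, bytes.fromhex(digest_hex)):
        return False, None
    if needs_rehash(record):
        return True, hash_password(password)  # caller stores this in place of record
    return True, None

def make_legacy_record(password):
    # Constructed sample of an old-style record, for demonstration only.
    salt = os.urandom(16)
    digest = hashlib.sha1(salt + password.encode("utf-8")).hexdigest()
    return f"sha1$1${salt.hex()}${digest}"
```

Accounts that never log in again keep their legacy hash, so a migration like this is usually paired with a cutoff after which old records are invalidated and a reset is forced.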



