
Sorry, but this is convoluted nonsense that can only achieve one thing: make yourself more vulnerable.

You want your security system to be as simple as possible, and to involve as little custom code as possible. Because you can and will fuck it up if you try to be clever.

Hash and salt your passwords using a library designed exactly for that purpose (which means it will use a slow hash). That's it, end of story.



^ above is pretty damn simple.

I also never said “write your own hashing algorithm”; I said abstract it so it’s not sitting around in your ecommerce app code.

That is a simple security system. It’s just not baked into your flagship ecommerce, blog or whatever else you’re storing the credentials to protect.
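The two comments above agree on the shape of the thing: a slow, salted password hash from a purpose-built library, kept in one small module rather than scattered through application code. The block below is an added example, not code from either commenter. It uses only the Python standard library (PBKDF2-HMAC-SHA256 via `hashlib`) so it runs anywhere; where argon2-cffi or bcrypt can be installed, the same module layout applies with those calls swapped in. The record format, iteration count and function names are this example's own choices.

```python
"""Self-contained password module: the only place in the app that touches hashing.

Added example, not from the thread. Standard library only (PBKDF2-HMAC-SHA256);
a dedicated library such as argon2-cffi or bcrypt is the better choice where it
can be installed. What matters here is the structure: one module owns hashing,
verification and parameter upgrades, and the app only calls these three functions.
"""
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # assumption: tune so one hash costs ~100-300 ms on your hardware
SALT_BYTES = 16
KEY_BYTES = 32


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text.encode("ascii"))


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash (salt and hash base64).

    A fresh random salt per password means two users with the same password
    get different records, and precomputed tables are useless.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    return "$".join([ALGORITHM, str(iterations), _b64(salt), _b64(digest)])


def _parse(record: str):
    """Split a stored record; return None for anything malformed or of another algorithm."""
    try:
        algorithm, iterations, salt, digest = record.split("$")
        if algorithm != ALGORITHM:
            return None
        return int(iterations), _unb64(salt), _unb64(digest)
    except (ValueError, TypeError):  # wrong field count, bad int, bad base64
        return None


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations, then compare in constant time."""
    parsed = _parse(record)
    if parsed is None:
        return False
    iterations, salt, expected = parsed
    actual = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    # hmac.compare_digest avoids leaking the position of the first mismatching byte.
    return hmac.compare_digest(actual, expected)


def needs_rehash(record: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True when a stored record uses weaker parameters than the current policy.

    Call this after a successful login and re-hash the plaintext you just
    verified, so old records are upgraded without forcing password resets.
    """
    parsed = _parse(record)
    return parsed is None or parsed[0] < iterations


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify ok:", verify_password("correct horse battery staple", rec))
    print("verify wrong:", verify_password("wrong", rec))
```

Everything the rest of the application needs is `hash_password` at signup, `verify_password` at login, and `needs_rehash` to migrate old records when the iteration count is raised; the storage format carries its own parameters so that migration never requires a schema change.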


Agree.



