
cough $250 in sales from folks who chose "password" in 2011. I suppose I could tell them "Wait wait, put your credit card back for a second and listen to a complicated instruction designed to solve a problem you don't have." Doesn't seem to be a huge upside, though.



and you know that because:

a) you store cleartext passwords b) you use a static salt and have memorized the hash of the password+your salt ... or c) ???


Because even bcrypt doesn't make testing one candidate password against 1,500 users all that hard.
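Added example, not part of the thread: a site-side audit that checks one known-weak candidate against every stored per-user salted hash, so accounts can be flagged for a reset, and that extrapolates the cost to 1,500 users. PBKDF2 from the Python standard library stands in for bcrypt here; the function names, iteration count and sample users are all constructed for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 50_000  # assumed work factor for the stand-in KDF (not bcrypt)

def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash; PBKDF2-HMAC-SHA256 used as a stand-in for bcrypt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_user_table(passwords: dict) -> dict:
    """Build a constructed user table with one random salt per user."""
    table = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)
        table[user] = (salt, hash_password(pw, salt))
    return table

def accounts_using(candidate: str, table: dict) -> list:
    """Return users whose stored hash matches the candidate.

    Per-user salts mean one KDF call per user, so the cost is linear
    in the number of users, not in the number of possible passwords.
    """
    hits = []
    for user, (salt, stored) in table.items():
        if hmac.compare_digest(hash_password(candidate, salt), stored):
            hits.append(user)
    return sorted(hits)

def estimated_audit_seconds(n_users: int, seconds_per_hash: float) -> float:
    """Time to test a single candidate against n_users stored hashes."""
    return n_users * seconds_per_hash

# Constructed sample data, not real accounts.
SAMPLE = {"alice": "password", "bob": "correct horse battery staple",
          "carol": "password", "dave": "hunter2"}

if __name__ == "__main__":
    table = make_user_table(SAMPLE)
    start = time.perf_counter()
    weak = accounts_using("password", table)
    per_hash = (time.perf_counter() - start) / len(table)
    print("accounts to flag:", weak)
    print("estimated seconds for 1,500 users:",
          round(estimated_audit_seconds(1500, per_hash), 1))
```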



