
Yes, "Bob's bcrypt lib" is safer (apart from some serious mistake or compromise, which are not rare) than hashing your passwords with a rock-solid sha1 library.

"But being from a known implementation should not be the only factor you consider otherwise you're just cargo culting"

Of course

In the same way some people blindly answer "use bcrypt" to any mention of password hashing.



> In the same way some people blindly answer "use bcrypt" to any mention of password hashing.

It's almost like there was a reason I explicitly decried cargo culting (yes, that counts too) and blind answers instead of understanding.

Could you try to read and understand the comments that are left instead of responding to points that were never made?



