by 0x49 3891 days ago
This site, while clever, is spreading potentially bad information. For instance, I've worked for plenty of companies that send out site-generated passwords. The password is stored encrypted and sent out once to the user. While not the most secure, an attacker still won't be able to get to all of the plaintext passwords if they cracked into the database.
1 comments

If they can crack the database, what's preventing them from getting the key used to encrypt the database?
When I say encryption, I mean 1-way encryption like bcrypt. So they could get the hashes, but would still have to somehow brute-force it.