Y
Hacker News
new
|
ask
|
show
|
jobs
by
amhokies
2967 days ago
Wouldn't that make it easier for someone that has access to hashed passwords in the case of a database leak? They would just have to submit the username and the hashed password (which they now have).
1 comments
etruong42
2964 days ago
You're right, but the attacker won't get the user's original password that they probably reuse elsewhere.
If it's just your authentication system hashes that are compromised, the damage can be contained.
link
If it's just your authentication system hashes that are compromised, the damage can be contained.