by darkr 2689 days ago
For passwords, yes, this is generally best practice. Also, the salt is normally stored with the hashed password, as it’s not regarded as a secret.

Modern GPUs can manage several thousand million SHA256 hashes/sec, so even with a salt per hash it’s not going to take long to get a given entry, given the 32-bit address space of IPv4.

1 comments

You can use bcrypt or argon2 to make it much slower than that.
But why?

If I get a DoS attack or spam, I need the IP to find out to whom I should file an abuse complaint.

Do we need to sanitize SMTP headers too? How about shutting down DNSBL?
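
An added example, not part of either comment above, for anyone checking whether salted IP hashes in stored logs count as anonymized: with the salt stored beside the hash, the address is recovered by enumerating the range, and a slow hash only raises the cost per guess. Assumptions: PBKDF2 from the Python standard library stands in for bcrypt/argon2, and the salt and addresses (documentation ranges) are constructed sample values.

```python
import hashlib
import ipaddress
import time

def fast_hash(packed_ip: bytes, salt: bytes) -> bytes:
    # Salted SHA-256; the salt sits next to the hash and is not a secret.
    return hashlib.sha256(salt + packed_ip).digest()

def slow_hash(packed_ip: bytes, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 as a standard-library stand-in for bcrypt/argon2.
    return hashlib.pbkdf2_hmac("sha256", packed_ip, salt, 100_000)

def recover(target: bytes, salt: bytes, network: str, hash_fn=fast_hash):
    # Exhaustive search: hash every address in the range with the known salt.
    for addr in ipaddress.ip_network(network):
        if hash_fn(addr.packed, salt) == target:
            return str(addr)
    return None

def seconds_per_guess(hash_fn, salt: bytes, samples: int) -> float:
    # Average wall-clock cost of one candidate on this machine (single core).
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(i.to_bytes(4, "big"), salt)
    return (time.perf_counter() - start) / samples

def full_ipv4_sweep_hours(per_guess: float) -> float:
    # Worst case: all 2**32 candidates are tried.
    return per_guess * 2**32 / 3600

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    ip = ipaddress.ip_address("198.51.100.77")  # documentation range
    print(recover(fast_hash(ip.packed, salt), salt, "198.51.100.0/24"))
    for name, fn, n in (("sha256", fast_hash, 20000), ("pbkdf2", slow_hash, 5)):
        per = seconds_per_guess(fn, salt, n)
        print(f"{name}: {per:.2e} s/guess, "
              f"{full_ipv4_sweep_hours(per):.1f} h for all of IPv4 on one core")
```

The figures printed are for single-threaded Python on the local CPU, so they are far slower than the GPU rates mentioned in the thread.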