Hacker News new | ask | show | jobs
by benmmurphy 2319 days ago
If you store an individual character hashed then it is trivial to brute force it. I don't think there is a bcrypt work factor that you could use that would prevent brute forcing but would allow the individual character to be used for authentication.
2 comments
mrfredward 2319 days ago
And if you know the first character of a two character password, it's trivial to brute force the second, and so on...
link
chrismatheson 2317 days ago
i would definitely expect it to be less secure, but not exactly plain text?
link