by roel_v
5468 days ago
"you have to assume someone who stole your database also stole your code." Maybe, but that doesn't mean that a separate salt, not in the database, will prevent certain attacks, and as such is a viable option. Security is about layering, not about 'xyz isn't 100% secure in 100% of the cases, forget about it'.
"sha1 with a salt u cant find beats bcrypt with a key u know any day"
This is fractally wrong.