|
|
|
|
|
|
by kogir
5471 days ago
|
|
|
You're wrong. I use hashes so that if somehow the hashes and salts leak the attacker can't now log in as any user with no additional effort. While it's true that a hash compromise typically means you're owned, not having plaintext passwords available still makes further exploitation slightly harder. For instance, read only SQL injection that leaks hashes won't let the attacker write anything. |
|
|