by Aissen 1615 days ago
No, that wouldn't help, because you'd need to store the random salt along with the hashes. So you can still do: bcrypt(other_leaked_md5 + salt) to shuck it (i.e. confirm if both are the same, and skip the bcrypt on your stronger service). The defense is a global "pepper" that would be in the code but not the DB, assuming only the second one leaks.
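The salt-versus-pepper difference from the comment above, as an added example that is not part of the original comment. It assumes a service that wraps a legacy MD5 hex digest in a slow hash; PBKDF2 stands in for bcrypt so the code needs only the standard library, and all function names, the password and the key sizes are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumption: PBKDF2 stands in for bcrypt in this sketch


def legacy_md5(password: str) -> bytes:
    """Hex MD5 digest, the form a weaker service would have stored."""
    return hashlib.md5(password.encode()).hexdigest().encode()


def slow_hash(data: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


def store_salt_only(password: str, salt: bytes) -> bytes:
    """Wrapped hash where everything needed to recompute it sits in the DB row."""
    return slow_hash(legacy_md5(password), salt)


def store_peppered(password: str, salt: bytes, pepper: bytes) -> bytes:
    """Key the inner digest with a pepper held outside the DB before slow hashing."""
    keyed = hmac.new(pepper, legacy_md5(password), hashlib.sha256).digest()
    return slow_hash(keyed, salt)


def db_only_confirms(candidate_md5: bytes, salt: bytes, stored: bytes) -> bool:
    """The check available to anyone holding only the DB row: slow_hash(md5 + salt)."""
    return hmac.compare_digest(slow_hash(candidate_md5, salt), stored)


def verify_peppered(password: str, salt: bytes, pepper: bytes, stored: bytes) -> bool:
    """Login check on the service, which has both the DB row and the pepper."""
    return hmac.compare_digest(store_peppered(password, salt, pepper), stored)


if __name__ == "__main__":
    password = "constructed-sample-password"  # constructed test value
    salt, pepper = os.urandom(16), os.urandom(32)
    known_md5 = legacy_md5(password)  # same digest, as stored by the other service

    print("salt only, DB row confirms digest:",
          db_only_confirms(known_md5, salt, store_salt_only(password, salt)))
    print("peppered,  DB row confirms digest:",
          db_only_confirms(known_md5, salt, store_peppered(password, salt, pepper)))
```
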