Y
Hacker News
new
|
ask
|
show
|
jobs
by
bonzoesc
5189 days ago
Because sha1 is still super fast on a GPU. Why aren't you using bcrypt?
1 comments
Misiek
5189 days ago
I thought that hashing password with two types of salt (one of them is unique for every user) and two places to storage salts is secure enough.
link
tptacek
5189 days ago
You thought wrong.
link
bonzoesc
5189 days ago
Salts don't slow a GPU down:
http://codahale.com/how-to-safely-store-a-password/
link