Hacker News
by FiloSottile 5129 days ago
Yeah, it is stupid, probably because security answers are needed to trigger some system on the server side (not to decrypt anything), and if an attacker has access to the DB, they can probably already trigger the process. But actually they are even more sensitive to reuse than passwords, so they should be hashed.
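An added example, not part of the comment above or any site's actual code: one way a server could store security answers as salted hashes and still verify them, since verification needs only a comparison and not the plaintext. The function names, scrypt parameters and normalization rules are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata
from typing import Optional, Tuple

# Assumed scrypt cost parameters for this sketch; tune them for real hardware.
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}


def normalize_answer(answer: str) -> bytes:
    """Canonicalize free text so '  New  York ' and 'new york' compare equal.

    Hashing removes the option of fuzzy matching later, so spelling
    variations have to be folded away before the hash is computed.
    """
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def hash_answer(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); these are the only values the DB needs to keep."""
    if salt is None:
        salt = os.urandom(16)  # per-answer salt, so equal answers hash differently
    digest = hashlib.scrypt(normalize_answer(answer), salt=salt, **SCRYPT_PARAMS)
    return salt, digest


def verify_answer(candidate: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_answer(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    # Constructed sample data, not taken from any real system.
    salt, digest = hash_answer("  New  York ")
    print(verify_answer("new york", salt, digest))
    print(verify_answer("Boston", salt, digest))
```

Security answers are usually low-entropy, so a slow salted hash raises the cost of offline guessing after a database leak but does not eliminate it.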