by deedasmi 698 days ago
Bonus points, store metadata about the hash algorithm. That way, if you ever need to change it in the future due to a weakness in the algorithm, you can validate the password against old metadata and rehash with new metadata and update the record.

Many of the popular password hashes include metadata in the default output already. bcrypt certainly does.
Argon2 as well. Most libraries give you a string that contains all the parameters it needs for hashing.
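
The verify-then-rehash flow discussed in this thread, as an added example that is not part of any comment above. It uses PBKDF2 from the Python standard library as a stand-in for bcrypt or Argon2; the `alg$iterations$salt$digest` record format, the function names and the policy values are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import os

# Algorithms this verifier still accepts, mapped to hashlib digest names.
SUPPORTED = {"pbkdf2_sha1": "sha1", "pbkdf2_sha256": "sha256"}
# Current policy (assumed values); change these to trigger upgrades on login.
CURRENT_ALG, CURRENT_ITERATIONS = "pbkdf2_sha256", 600_000


def hash_password(password, alg=CURRENT_ALG, iterations=CURRENT_ITERATIONS, salt=None):
    """Return a self-describing record: alg$iterations$salt$digest."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(SUPPORTED[alg], password.encode(), salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"{alg}${iterations}${b64(salt)}${b64(digest)}"


def verify_and_upgrade(password, stored):
    """Verify `password` using the metadata embedded in `stored`.

    Returns (ok, new_record). new_record is a fresh hash under the current
    policy when the password is correct but the record is outdated, else None.
    """
    try:
        alg, iters, salt_b64, _ = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
    except ValueError:
        return False, None  # malformed record: reject, never guess parameters
    if alg not in SUPPORTED or iterations < 1 or not salt:
        return False, None
    # Recompute with the record's own parameters, then compare in constant time.
    recomputed = hash_password(password, alg, iterations, salt)
    if not hmac.compare_digest(recomputed.encode(), stored.encode()):
        return False, None
    outdated = alg != CURRENT_ALG or iterations < CURRENT_ITERATIONS
    return True, (hash_password(password) if outdated else None)
```

The caller writes `new_record` back to the user's row whenever it is not None; the upgrade can only happen at login because that is the only time the plaintext password is available.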