Hacker News
by sscarduzio 494 days ago
What I would have naturally done without anticipating any flaw (and probably be just OK):

   cache_key = sha(sha(id + username) + bcrypt(pass))
with sha256 or something.
1 comment

Why not a simple sha(id + username + bcrypt(pass))?

Are there any security issues with that? I'm a "newb" in this area, so I'm genuinely curious about the flaws with the naive approach.