Hacker News new | ask | show | jobs
by elysianfields 453 days ago
I want to like this, but there are a couple of red flags. One is using SHA-3 to hash and store the passwords.

You shouldn't use such a hashing function for password storage. Calculating password hashes should be computationally expensive, not cheap.

Nuff said, overall it looks like a cool project to toy around with, but not something you should be using to build a product with yet.
1 comments
smuffinator 453 days ago
I think the docs haven't been updated - there was a commit made 3 weeks ago where they replace SHA3 with bcrypt
link
stosssik 453 days ago
Good catch! You're absolutely right. We switched from SHA3 to bcrypt a few weeks ago, but forgot to update the docs.

Thanks a lot for pointing it out. I just created an issue to track this, and we’ll fix it shortly: https://github.com/mnfst/manifest/issues/361

link