by rustyhancock 135 days ago
I've always wondered: if it's stateless, how do I rotate a password? Either due to leaking or just periodically.

It seems particularly important since this doesn't defend against a compromised local environment.

1 comments

Rotation is explicit and deterministic via the version parameter. Old passwords can be regenerated for rollback; new ones don’t require storage.
But you have to remember a version parameter per password??
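
A sketch of the version-parameter rotation discussed in this thread, added here as an example and not the code of the tool under discussion. The PBKDF2/SHAKE construction, the alphabet, the work factor and the names `derive_password` and `rotate` are assumptions; it shows that old and new passwords are both recomputable, and that the per-site version counter is state that still has to be kept somewhere, although it is not secret.

```python
import hashlib
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # 70 symbols (assumed policy)
ITERATIONS = 200_000  # assumed PBKDF2 work factor


def _salt(site: str, login: str, version: int) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = [site.lower().encode(), login.encode(), str(version).encode()]
    return b"".join(len(f).to_bytes(2, "big") + f for f in fields)


def derive_password(master: str, site: str, login: str,
                    version: int = 1, length: int = 20) -> str:
    """Recompute the password for (site, login, version); nothing is stored."""
    if version < 1 or length < 1:
        raise ValueError("version and length must be positive")
    key = hashlib.pbkdf2_hmac("sha256", master.encode(),
                              _salt(site, login, version), ITERATIONS)
    limit = 256 - 256 % len(ALPHABET)  # rejection sampling avoids modulo bias
    nbytes = length * 4
    while True:
        stream = hashlib.shake_256(key).digest(nbytes)
        chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit]
        if len(chars) >= length:
            return "".join(chars[:length])
        nbytes *= 2  # SHAKE output is prefix-stable, so the result stays deterministic


def rotate(versions: dict, site: str) -> int:
    """Bump the non-secret version counter; this is the only state kept."""
    versions[site] = versions.get(site, 1) + 1
    return versions[site]


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed sample value
    versions = {"example.com": 1}             # constructed, non-secret index
    old = derive_password(master, "example.com", "alice", versions["example.com"])
    new = derive_password(master, "example.com", "alice", rotate(versions, "example.com"))
    print(old != new, versions)
```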