[drm237]

True, two way hashing is better than nothing, but it's still less secure than one way hashing (with a per-user salt) for passwords. All you need if one rogue employee and they can decrypt everyone's password. It's just difficult to justify the added risk when there usually isn't a need to retrieve the original password.

Edit: by "two way hashing" I meant encryption, not hashing. not sure where my brain was on that one...

[tptacek]

As a practitioner in this space, I'm going to tell you that I don't know what this "two-way hashing" is that you speak of. There's a right way to store passwords and there's a wrong way. The right way is bcrypt. The wrong way is anything other than bcrypt.

[thwarted]

Are you making a distinction between storing for verification and storing for use? The right way to store passwords when you use them to verify authentication is to hash (twitter verifying a login). The right way to store passwords when you need to use them to gain access on behalf of a user is to encrypt them (any third party "twitter application"). I ask because the first google result for "bcrypt" is http://bcrypt.sourceforge.net/ which is distinctly not hashing, where as the second one is for a ruby library interface to bcrypt hashing.

[tptacek]

First, bcrypt is a one-way hash algorithm.

Second, the whole fuss about Twitter and OAuth is the degree to which people are not OK with giving their passwords to other people to use.

[thwarted]

Yes, I was able to determine that bcrypt is a one-way hash algorithm. But part of my point is that the name is ambiguous because there are multiple things using that name. Even the wikipedia entry for bcrypt is for the encryption software ( http://en.wikipedia.org/wiki/Bcrypt ), not the hashing algorithm, so I was having a hard time finding out more about the algorithm other than that there is a ruby binding for it. Thankfully, the ruby docs contain references.

Consider this codinghorror posting, http://www.codinghorror.com/blog/archives/000953.html , where Atwood confuses the reasons why third-party websites would need to obscure passwords in the first paragraph and quoted section (a third party needs the plaintext of the password in order to offer integration services (assuming things like remote keys and oauth are not provided), so storing a hash of the password is meaningless in that context).

And I only used twitter and twitter applications as an example of a ecosystem that has, up until their oauth deployment, multiple consumers of passwords for different purposes (twitter for authentication, apps for integration), as a way to point out the confusion.