Hacker News new | ask | show | jobs
by adam-f 4539 days ago
I'm confused by their claim of hashing and THEN salting authentication codes.

    On the server-side, we don't store the authentication
    code in plaintext. We hash it with PBKDF2 / SHA-256,
    salt it, then store it.
1 comments
tashmahalic 4539 days ago
It's a salted hash. That page is corrected, thanks.
link