|
|
|
|
|
|
by StavrosK
4444 days ago
|
|
|
Nobody is arguing against that. The OP is asking about compromised algorithms. Sure, non-compromised algorithms can still be used incorrectly and be insecure, but compromised ones won't be secure no matter how they're used. Also, you don't use hashes to store passwords, you use KDFs. |
|
|
Well, technically a hash can be seen as a particular key derivation function (KDF). Not a proper one for the purpose of storing passwords I agree, but then most KDFs are built using salt + an iteration of hash functions, to my knowledge at least (which I admit is not very deep on the subject).