Hacker News new | ask | show | jobs
by limpon 4256 days ago
Are there any downsides to disclosing the hashing algorithm they're using? Does a hacker have an advantage by knowing this information.
1 comments
williamcotton 4256 days ago
I'm going to guess that they're referring to something like:

  HASHED_SALTED_PASSWORD = BCRYPT(PASSWORD, SALT)
  SALT_AND_PEPPERED_PASSWORD = HMAC-SHA256(SECRET_FACEBOOK_HASHING_KEY, HASHED_SALTED_PASSWORD)
BTW, this is not an example of "security through obscurity".
link