by ryan-c
4256 days ago
Security works best when it is like an onion - layered. Tweaking a password hashing algorithm (for example, changing the initialization constant in bcrypt) does not hurt security, and means that the attacker will not have sufficient information to crack the passwords with just a database dump, and even if they have everything, a work factor should still deter cracking. Using MD5 with the output XORed against a constant would not, however, do much good.