Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I'm confused by their claim of hashing and THEN salting authentication codes.

    On the server-side, we don't store the authentication
    code in plaintext. We hash it with PBKDF2 / SHA-256,
    salt it, then store it.


It's a salted hash. That page is corrected, thanks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: