Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No, it's really not, as long as you follow current guidance on counts for iteration. There are people smarter than <x> random person and sometimes (often with crypto) it's better to follow their advice. Anyone can make a system that they themselves cannot break. Don't be that person.


I strongly disagree. If you are the person tasked with implementing password verification, then you really should learn enough about the field to give a rough explanation of why you've used bcrypt (or whatever you use). If you know what MD5 (and other simple hashes)'s deficiency is (and Hale explains it), then you should know how bcrypt, etc. solve that problem. One should follow expert advice but not blindly.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: