
Of course one shouldn't encrypt them, one should salt and hash them. With a cryptographically secure hash such as bcrypt or scrypt.

If you use a batteries-included web-framework, this is already done for you. If you do not, you better understand the tradeoff of redeveloping those parts.



I imagine the OP probably meant that and simply wrote the wrong thing in the post. I probably wouldn't have noticed it was the wrong wording if not for this comment chain.


The only acceptable advice in this situation is "use bcrypt". Vague stuff about "hashing or encrypting" is not good enough.


Wait, what about "scrypt"? Maybe the only acceptable advice changed in the last hour? :-)


Bcrypt is a very easy-to-use hashing tool that exists in all popular languages. It is the best choice, and the easiest to implement.


And if you're salting them yourself, you're doing things wrong; use a good library that takes care of these little crypto details for you.



