
Okay, I must really be missing something here.

If your original database contains a bunch of unsalted SHA1 (or worse, MD5) hashes, what good does securing the hashes themselves do if the means to generate the corresponding plaintext has already been released into the wild?

Someone please tell me I'm missing something obvious.



It's how to fix your rubbish password storage, not LinkedIn's or the others who've been compromised. That's the difference.



