Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Pretty easily detected. This is a bad idea. Amateurs need to stop attempting their own patchwork solutions to their already bad fuck-ups.


Is the "easily detected" part really a problem? The idea isn't to try security by obscurity.

The main advantage is that it would still keep people from using precomputed rainbow tables and slow down brute force attacks with a minimum of additional code, wouldn't it? (similar to the switch from DES to triple DES back in the day)


(Sorry rb2k_, I didn't mean to downvote you.)


Rainbow tables are the least and most trivial of your problems to solve.

Using a fast hash algorithm for storing passwords is fucking braindead and a DOA decision to make about security.

Your "solution" doesn't solve anything.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: