Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
groenkek1356yhow about
(password hash, pass ukey)
(pass ukey, user ukey, date creation, date retired)
(user ukey, ...)
? -
hjk10156966yDidn't he just mean index be username? I mean what is the purpose of a password index?
-
@Deim sha1 and md5 are both not good for storing passwords because they are easily cracked. Bcrypt is the way to go 😉
-
Technically if the salt is randomized it is possible to index by hash.
It's a fucking stupid idea and the brain cell behind it needs to be smashed into a grease spot.
But possible.
Me: how's your password security?
Them: of course we value security very highly, our passwords are all hashed before being stored.
Me: what hashing algorithm?
Them: oh we hash it with sha and then place that in a table indexed by the password.
Indexed. By. The fucking. Password.
rant