couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Lyon <sanehat...@gmail.com>
Subject Re: JavaScript bcrypt (was Re: authentication cleanup)
Date Sun, 07 Feb 2010 01:11:53 GMT
+1 to using a password scheme that allows for future extensibility
and/or change.

As to why storing passwords as a hashed signature (even with a salt),
this has been making its rounds through the ruby community recently:
http://codahale.com/how-to-safely-store-a-password/

just because a hash signature is a one-way function doesn't mean it's
necessarily cryptographic.

Mime
View raw message