couchdb-dev mailing list archives

From Chris Anderson <jch...@apache.org>
Subject Re: JavaScript bcrypt (was Re: authentication cleanup)
Date Sun, 07 Feb 2010 01:31:29 GMT
On Sat, Feb 6, 2010 at 5:11 PM, Matt Lyon <sanehatter@gmail.com> wrote:
> +1 to using a password scheme that allows for future extensibility
> and/or change.

I'd love to hear people's ideas about what schema to store the passwords in:

maybe something like this in the _user doc:

{
  credentials : {
    type : "bcrypt",
    whatever else
  }
}





>
> As to why storing passwords as a hashed signature (even with a salt),
> this has been making its rounds through the ruby community recently:
> http://codahale.com/how-to-safely-store-a-password/
>
> just because a hash signature is a one-way function doesn't mean it's
> necessarily cryptographic.
>



-- 
Chris Anderson
http://jchrisa.net
http://couch.io
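
One way the `type` field in the schema sketched above could drive verification and later migration, as an added example that is not part of the original message or of CouchDB's code. Everything except `credentials.type` (the `params`, `salt` and `hash` fields and the function names) is an assumption, and scrypt and PBKDF2 from Node's standard library stand in for bcrypt.

```javascript
// Added example: only credentials.type comes from the thread; all other
// field and function names are assumptions made for illustration.
const crypto = require("crypto");

// One entry per credentials.type. A bcrypt entry would slot in the same way;
// scrypt and PBKDF2 are used because Node ships them in its standard library.
const SCHEMES = new Map([
  ["pbkdf2-sha256", {
    defaults: { iterations: 100000 },
    derive: (pw, salt, p) => crypto.pbkdf2Sync(pw, salt, p.iterations, 32, "sha256"),
  }],
  ["scrypt", {
    defaults: { N: 16384, r: 8, p: 1 },
    derive: (pw, salt, p) => crypto.scryptSync(pw, salt, 32, { N: p.N, r: p.r, p: p.p }),
  }],
]);
const PREFERRED = "scrypt";

// Build the credentials object stored in the user document.
function makeCredentials(password, type = PREFERRED) {
  const scheme = SCHEMES.get(type);
  if (!scheme) throw new Error("unknown credentials type: " + type);
  const salt = crypto.randomBytes(16);
  const params = { ...scheme.defaults };
  const hash = scheme.derive(password, salt, params);
  return { type, params, salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// Returns { ok, upgraded }. `upgraded` is a replacement credentials object,
// produced only after a successful login against a non-preferred type, so
// old documents migrate without the server ever storing the plaintext.
function verify(password, credentials) {
  const scheme = SCHEMES.get(credentials.type);
  if (!scheme) return { ok: false, upgraded: null }; // unknown type: fail closed
  const expected = Buffer.from(credentials.hash, "hex");
  const salt = Buffer.from(credentials.salt, "hex");
  const actual = scheme.derive(password, salt, credentials.params);
  const ok = actual.length === expected.length &&
    crypto.timingSafeEqual(actual, expected);
  const upgraded = ok && credentials.type !== PREFERRED
    ? makeCredentials(password)
    : null;
  return { ok, upgraded };
}
```

Storing the parameters next to the type means the work factor can be raised later without a new type name.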
