yodon ◴[] No.44382371[source]
Pretty sure auth is not something I want a self-taught dev (or even most CS-graduate devs) writing.

OAuth2, JWTs, hashes, timestamps, validations, and such, are all totally simple until they're not. The black hats have way more experience and way more time invested in this space than most any normal dev.

vmg12 ◴[] No.44382542[source]
Auth is really not difficult to write. It's don't roll your own crypto, not don't roll your own auth. People need to stop spreading this FUD.
gjsman-1000 ◴[] No.44383602[source]
Auth, in my experience, isn't actually that hard to write.

OAuth, or any form of SSO, is not something you want to roll yourself.

Crypto is absolutely not something you want to roll yourself.

1. Intermernet ◴[] No.44386140[source]
I agree completely, which is why it's enlightening to read implementations of crypto. These are often short, seemingly simple, self-contained sections of code that have to be as close as possible to perfect. Even simple things like constant-time comparison algorithms are beautiful little crystal palaces of code.
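
The constant-time comparison mentioned in the comment above, shown next to the early-exit version it replaces. This is an added example, not part of the thread or any commenter's code; the names `leaky_equal`, `ct_equal` and `verify_tag` are hypothetical and the sample tags are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Leaky: returns at the first mismatch, so run time tracks the length of
 * the matching prefix and can be measured byte by byte. */
static int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i])
            return 0;
    return 1;
}

/* Constant-time: reads all n bytes and ORs every difference into one
 * accumulator; no branch or early exit depends on the data. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    volatile uint8_t diff = 0;  /* volatile: discourage short-circuit optimisation */
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    /* diff == 0 wraps to 0xFFFFFFFF (bit 8 set); 1..255 leaves bit 8 clear. */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

/* Tag check: the length is public, so rejecting on it early leaks nothing
 * about the secret tag bytes. */
static int verify_tag(const uint8_t *expected, size_t expected_len,
                      const uint8_t *given, size_t given_len)
{
    if (expected_len != given_len)
        return 0;
    return ct_equal(expected, given, expected_len);
}

int main(void)
{
    /* Constructed sample tags, not real MAC output. */
    const uint8_t good[4]  = {0xde, 0xad, 0xbe, 0xef};
    const uint8_t wrong[4] = {0xde, 0xad, 0xbe, 0xee};
    printf("leaky=%d ct=%d verify=%d\n", leaky_equal(good, wrong, 4),
           ct_equal(good, wrong, 4), verify_tag(good, 4, good, 4));
    return 0;
}
```

The C standard makes no timing guarantees, so production code should call a maintained primitive such as OpenSSL's `CRYPTO_memcmp` or OpenBSD's `timingsafe_bcmp` rather than a hand-written loop.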