(ian.sh)

385 points galnagli | 1 comments | 22 Oct 25 18:21 UTC | HN request time: 0.203s | source

Show context

forgotaccount22 ◴[22 Oct 25 20:19 UTC] No.45674635[source]▶

Archaic company has archaic security. Well done on the RD, but boy does it not surprise me one bit. Would almost be willing to bet that the hash was MD5 too.

replies(2): >>45674810 #>>45674956 #

veqq ◴[22 Oct 25 20:34 UTC] No.45674810[source]▶

>>45674635 #

What hash do you use?

replies(3): >>45674884 #>>45675297 #>>45677005 #

scq ◴[22 Oct 25 20:42 UTC] No.45674884[source]▶

>>45674810 #

bcrypt is the industry standard.

replies(1): >>45675775 #

1. maxbond ◴[22 Oct 25 22:08 UTC] No.45675775[source]▶

>>45674884 #

`bcrypt` is probably the "standard" in the sense that it has the widest adoption, but since 2015 [1] the "standard" in terms of what you should recommend for new work has been `argon2id` (and you can find parameter recommendations here [2]).

[1] https://en.wikipedia.org/wiki/Password_Hashing_Competition

[2] https://cheatsheetseries.owasp.org/cheatsheets/Password_Stor...

↑

Accessing Max Verstappen's passport and PII through FIA bugs