

Show HN: New approach to securely store passwords - ihucos
https://github.com/ihucos/passpod

======
chacham15
I appreciate your attempt to make password solutions for other people, but
after a cursory glance at the code, I can see that you are using sha512 to
hash passwords. This is easily brute-forceable. To understand why, google
"password hash". Don't make tools for other people if you don't understand the
security implications of the decisions that you make. I would hesitate writing
ANY security-related code at all and would rather leave it to people with far
more experience than I have, like tptacek or cperciva.

~~~
ihucos
I appreciate your feedback too and agree that security-related code is a
sensitive thing. I did not lose any thought on the actual hashing and as
written in the readme this is just a prototype. The key aspect of Passpod, and
what I'd love to get some feedback on, is the idea to save the passwords in a
giant set of hashes instead of the commonly used map of clear usernames and
hashed passwords. I wrongfully supposed that it would be obvious that the
actual hashing is just meant to be a placeholder. So I changed sha512 to md5
and documented that the actual hashing is broken accordingly.
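
The idea discussed in this thread, a store that is only a set of hashes with no username column, sketched with a memory-hard KDF (scrypt) in place of a single SHA-512 call. This is an added example, not code from Passpod or from either commenter; the entry layout (scrypt over the password, salted with a value derived from the username and a server-side pepper) and every name in it are assumptions.

```python
import hashlib
import hmac
import os


class HashSetStore:
    """Credential store that is only a set of digests: no username column."""

    def __init__(self, pepper: bytes):
        self._pepper = pepper        # server-side secret, kept outside the store
        self._entries = set()        # all that would be persisted

    def _entry(self, username: str, password: str) -> bytes:
        # Assumption: with no per-user row there is nowhere to keep a random
        # salt, so it is derived from the username and the pepper.
        salt = hmac.new(self._pepper, username.encode(), hashlib.sha256).digest()
        # scrypt is deliberately slow and memory-hard, unlike one SHA-512 call.
        return hashlib.scrypt(password.encode(), salt=salt,
                              n=2**14, r=8, p=1, dklen=32)

    def register(self, username: str, password: str) -> None:
        self._entries.add(self._entry(username, password))

    def verify(self, username: str, password: str) -> bool:
        return self._entry(username, password) in self._entries

    def change_password(self, username: str, old: str, new: str) -> bool:
        # The old entry can only be located by recomputing it, so the old
        # password is required; without it the stale entry stays valid.
        old_entry = self._entry(username, old)
        if old_entry not in self._entries:
            return False
        self._entries.discard(old_entry)
        self.register(username, new)
        return True

    def __len__(self) -> int:
        return len(self._entries)


if __name__ == "__main__":
    store = HashSetStore(pepper=os.urandom(32))
    store.register("alice", "correct horse")      # constructed sample data
    print(store.verify("alice", "correct horse"))
    print(store.verify("alice", "wrong guess"))
    # A set cannot enforce one entry per username: both passwords now work.
    store.register("alice", "second password")
    print(store.verify("alice", "second password"), len(store))
```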

