Hacker News new | past | comments | ask | show | jobs | submit login
Password storage disclosures (michalspacek.cz)
3 points by nailer on Aug 12, 2016 | hide | past | favorite | 2 comments



Nobody seems to be using Argon2 [0].

Argon2 was the winner of the Password Hashing Competition [1].

[0] https://en.wikipedia.org/wiki/Argon2

[1] http://password-hashing.net/#phc


It's essentially a grading system based on:

a) how well passwords are stored - ie hashing algos and options, with plaintext as a fail

b) how well the company communicates the policy - a publicly available password storage policy is required for an 'A'




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: