Edit: You said secret_key aka hidden salt, but if I can get that key by, say, access to the machine, then it's not necessarily hidden.

I am pointing this out because the assumption is a poor PRNG used by an incompetent team in the first place. Saying just do X, when it's possible to do X and still have a problem, is not an actual solution. It's the equivalent of saying just be competent.