
That's still "storing the passwords", though. No one said it should be stored in plain text.



No, a one-way hash is not "the password". If you have the hash, you can't use it to log in or reverse it to a password without brute-force comparison, which is why you always store a hash with salt using a slow hashing algo, and not "the password". This has been best practice for years, so a DB breach does not mean the passwords are compromised.


Right, but if someone mentions passwords in a non-technical context like a random Twitter thread, it's possible they mean the hashes.


I agree, but it's still the password in that it's the secret set of characters needed to be compared against to log in. It's just not the same text a user would enter when prompted for the password.

Keep in mind these hackers are the ones saying they have passwords and this is Microsoft. Most likely hashes.


I disagree. You cannot use the hash to log in, therefore it is not a password. Is a digital signature the item it is signing?

The whole point of hashing passwords is so if the DB containing them is breached the passwords are not compromised.
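
Added example, not part of any comment in this thread: a minimal sketch of the salted, slow-hash storage the comments above describe, showing that the stored value is what login input is compared against after re-derivation, so submitting the stored hash itself does not authenticate. The scrypt cost parameters, record layout and sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation of the stored value."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def make_record(password: str) -> dict:
    """What the server stores: a per-user random salt and the hash, never the password."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt)}


def verify(submitted: str, record: dict) -> bool:
    """Login check: re-derive from the submitted text and compare in constant time."""
    return hmac.compare_digest(_derive(submitted, record["salt"]), record["hash"])


def demo() -> dict:
    # Constructed sample data: two users who happen to pick the same password.
    alice = make_record("correct horse battery staple")
    bob = make_record("correct horse battery staple")
    stored = alice["hash"].hex()  # the value that sits in the database
    return {
        "real_password_logs_in": verify("correct horse battery staple", alice),
        "stored_hash_logs_in": verify(stored, alice),
        "same_password_same_hash": alice["hash"] == bob["hash"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The per-user salt is why two accounts with the same password end up with different stored hashes, and the slow derivation is what makes each brute-force comparison costly.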



