Hacker News new | comments | show | ask | jobs | submit login

Right, but they also store the decryption key -- your Inky password. Which is (presumably?) encrypted… somehow? Maybe?

This would be nice to know, because they're serving as a password-management app for all of your email passwords.

Presumably, they would not store your Inky password as well -- instead, they'd store a secure hash, not MD5 or SHA-1, which are built for speed, not security....

It's more complicated than that. Please see my comments on security elsewhere in the thread. We store a password verifier object -- that's akin to a secure hash, but our authentication model offers better guarantees about protection from man-in-the-middle attacks.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact