Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I do not agree that they store a password in plain text. You cannot say for sure. What if they hash each character and store each with its position in the db?



That wouldnbe still pain text actually, because it's easy to have a table for hash -> char. Chararcters being limited by their numbers.


Fine. Refer to my detailed answer below that shows longer hashing difficult to bruteforce.


I don't find your other answer. But, basically if you hash one character, there is only ~ 255 possibities (a-zA-Z0-9 plus some special chars). So, a 10 characters password is only ~ 2,500 hash to compute and that's nothing. Might as well store it in plaintext, because it in fact is.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: