Hacker News new | past | comments | ask | show | jobs | submit login

The other solution (that Yahoo used) is use bcrypt(md5(password)) which allows them to rehash all existing passwords without logging in.



I think that's what he described, plus adding a prefix in order to indicate it's been re-hashed.


That's exactly right, thank you!




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: