
It looks like you're storing an unsalted hash of the database's password in the plaintext header of the database itself. Is that correct? If so, this is a really, really bad idea.



According to the libsodium docs:

> The string produced by crypto_pwhash_str() already includes an algorithm identifier, as well as all the parameters (including the automatically generated salt) that have been used to hash the password.

https://libsodium.gitbook.io/doc/password_hashing/default_ph...


Aha, looks like it's using a salt and iterated hashing under the hood. Thanks for the link.
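The self-describing string that the quoted libsodium documentation refers to can be split into its fields, as in this added example (not part of the thread and not the project's code). The helper names, the 16-byte salt floor and the sample string are assumptions constructed for illustration.

```python
import base64

def unpad_b64decode(s: str) -> bytes:
    # Argon2's encoded form uses standard base64 with the '=' padding stripped.
    return base64.b64decode(s + "=" * (-len(s) % 4), validate=True)

def parse_pwhash_str(encoded: str) -> dict:
    """Split an Argon2 string as produced by crypto_pwhash_str() (hypothetical helper)."""
    parts = encoded.split("$")
    # A leading '$' gives ['', alg, 'v=..', 'm=..,t=..,p=..', salt, hash].
    if len(parts) != 6 or parts[0] != "":
        raise ValueError("not a self-describing Argon2 string")
    _, alg, version, params, salt_b64, hash_b64 = parts
    if alg not in ("argon2id", "argon2i") or not version.startswith("v="):
        raise ValueError("unknown algorithm identifier or version field")
    costs = dict(kv.split("=", 1) for kv in params.split(","))
    if set(costs) != {"m", "t", "p"}:
        raise ValueError("expected memory (m), time (t) and parallelism (p) costs")
    return {
        "algorithm": alg,
        "version": int(version[2:]),
        "memory_kib": int(costs["m"]),
        "iterations": int(costs["t"]),
        "parallelism": int(costs["p"]),
        "salt": unpad_b64decode(salt_b64),
        "hash": unpad_b64decode(hash_b64),
    }

def review_stored_hash(encoded: str, min_salt_len: int = 16) -> list:
    """Return findings for a stored password verifier; an empty list means none."""
    try:
        fields = parse_pwhash_str(encoded)
    except ValueError as exc:  # also covers malformed base64 and non-numeric costs
        return ["unparseable: %s" % exc]
    findings = []
    if len(fields["salt"]) < min_salt_len:  # assumed policy floor
        findings.append("salt shorter than %d bytes" % min_salt_len)
    return findings

def b64_nopad(raw: bytes) -> str:
    return base64.b64encode(raw).decode().rstrip("=")

# Constructed sample: fixed 16-byte salt and an all-zero 32-byte tag, not a real hash.
SAMPLE = "$argon2id$v=19$m=65536,t=2,p=1$%s$%s" % (
    b64_nopad(bytes(range(16))), b64_nopad(bytes(32)))

if __name__ == "__main__":
    print(parse_pwhash_str(SAMPLE), review_stored_hash(SAMPLE))
```

A bare hex digest, which is what an unsalted hash in a header would look like, fails the parse because it carries no algorithm identifier, cost parameters or salt field.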



