Hacker News new | past | comments | ask | show | jobs | submit login

that's true, but it's the highest-profile encryption drama I could think of - a more appropriate example would probably be the onslaught of companies which are storing passwords in plaintext or simple MD5 hashes.



Hate to keep doing this to you† but you don't need anything like NaCL to solve that problem; just use bcrypt. Every development environment has a bcrypt.

Good example of a flaw mitigated by NaCL: the CBC padding oracle attack.

Caveat: no I don't


OK you caught me - I don't have any relevant examples :)


As pointed out by @bascule, Sodium will ship with the winning function of the Password Hashing Competition.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: