
> Passwords at Project Euler are strongly encrypted using a one-way hash

This does not instill confidence. Hashes are not encryption. Furthermore, there is an enormous difference between "we store your password as a single round of MD5" and "We use pbkdf2/scrypt to store your password".




My reading of that statement is that "Passwords are strongly encrypted" means that they are stored securely such that they cannot be 'decrypted' even by someone with access to the database. This phrase is intended for people without crypto knowledge who would not know what a one-way hash is. The "using a one-way hash" phrase is intended for people who do have this knowledge and clarifies that they are actually using a hash function, and that the previous statement was just a simplification for lay people.


Sure, but Project Euler is a labor of love, not a high volume e-commerce site.

It makes sense that they'd start with a hash and not change it for years. I'm not angry or surprised at this disclosure, and appreciate their honesty.


With a random salt, otherwise rainbow tables are still "go", as it were.



