
Why not do both then?

    1. bcrypt(SHA1(pass)) right now to secure all pws
    2. check against that, then update to bcrypt(pass) on login


That's probably the correct thing to do but since you're unlikely to ever achieve 100% migration, it doesn't help a whole lot.
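
The two-step scheme from the comments above, as an added example that is not part of the original thread. It assumes the legacy table stores unsalted SHA-1 hex digests, and it uses the standard library's scrypt as a stand-in for bcrypt so that it runs without extra packages; the record layout and function names are hypothetical.

```python
import hashlib
import hmac
import os

def slow_hash(data: bytes, salt: bytes) -> bytes:
    # Assumption: stdlib scrypt stands in for bcrypt so this runs without
    # third-party packages; the migration logic is the same either way.
    return hashlib.scrypt(data, salt=salt, n=2**14, r=8, p=1, dklen=32)

def sha1_hex(password: str) -> bytes:
    # Hex digest, not raw bytes: with real bcrypt a raw digest can contain
    # a NUL byte, and bcrypt implementations stop reading the input there.
    return hashlib.sha1(password.encode()).hexdigest().encode()

def wrap_legacy(sha1_hexdigest: str) -> dict:
    """Step 1: wrap a stored SHA-1 hash offline; no password is needed."""
    salt = os.urandom(16)
    return {"scheme": "wrapped", "salt": salt,
            "hash": slow_hash(sha1_hexdigest.encode(), salt)}

def login(db: dict, user: str, password: str) -> bool:
    """Step 2: verify under the record's scheme, then upgrade if wrapped."""
    rec = db.get(user)
    if rec is None:
        return False
    wrapped = rec["scheme"] == "wrapped"
    material = sha1_hex(password) if wrapped else password.encode()
    if not hmac.compare_digest(slow_hash(material, rec["salt"]), rec["hash"]):
        return False
    if wrapped:  # plaintext is only available now, so re-hash it directly
        salt = os.urandom(16)
        db[user] = {"scheme": "direct", "salt": salt,
                    "hash": slow_hash(password.encode(), salt)}
    return True

def still_wrapped(db: dict) -> list:
    """Accounts that have not logged in since step 1."""
    return sorted(u for u, r in db.items() if r["scheme"] == "wrapped")

def build_demo_db() -> dict:
    # Constructed sample data: a legacy table of unsalted SHA-1 hex digests.
    legacy = {"alice": hashlib.sha1(b"correct horse").hexdigest(),
              "bob": hashlib.sha1(b"hunter2").hexdigest()}
    return {user: wrap_legacy(digest) for user, digest in legacy.items()}

if __name__ == "__main__":
    db = build_demo_db()
    print(login(db, "alice", "wrong"), login(db, "alice", "correct horse"))
    print(db["alice"]["scheme"], still_wrapped(db))
```

Accounts that never log in again stay in the wrapped scheme, which still puts the slow hash between a leaked table and the SHA-1 digests.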



