
The best way to store a password hash -- and I apologize for belaboring this point, but it bears repeating -- is to take whatever string you get from bcrypt or scrypt, and store it somewhere reliable with quick lookups, like a database with regular backups and replication. There are libraries that handle all the details of hashing a password, adding salt, making the computation too slow to easily brute force, and putting all this behind a trivial-to-use API. Use them!
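An added example, not part of the original comment, of the storage pattern it describes: one self-contained string per user, kept in an ordinary database column. It uses Python's standard-library `hashlib.scrypt`; the cost parameters, the `$`-separated string layout, and the table and column names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

# Assumed cost parameters for this example; tune them for your own hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32

def hash_password(password: str) -> str:
    """Return one string holding algorithm, cost parameters, salt and digest."""
    salt = os.urandom(16)  # fresh random salt for every password
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    fields = ["scrypt", str(N), str(R), str(P),
              base64.b64encode(salt).decode(), base64.b64encode(dk).decode()]
    return "$".join(fields)  # layout is hypothetical, not a standard format

def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest from the parameters and salt embedded in `stored`."""
    try:
        algo, n, r, p, salt_b64, dk_b64 = stored.split("$")
        if algo != "scrypt":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
        dk = hashlib.scrypt(password.encode(), salt=salt,
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    except (ValueError, TypeError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(dk, expected)  # constant-time comparison

def demo():
    """Store the string in a plain TEXT column and check two login attempts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice", hash_password("correct horse")))  # constructed sample user
    (stored,) = db.execute("SELECT pw_hash FROM users WHERE name = ?",
                           ("alice",)).fetchone()
    return verify_password("correct horse", stored), verify_password("wrong guess", stored)

if __name__ == "__main__":
    print(demo())
```

Because the parameters travel inside the stored string, raising the cost later only affects newly written hashes; existing rows still verify with the values they were created with.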



Well, the article mostly discusses non-bcrypt solutions so the question seems reasonable. I suspect bcrypt is in limited use because it's not built-in to any of the development environments.



