You can change your pepper by double-peppering your existing password database: ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		cpeterso on March 27, 2015 \| parent \| context \| favorite \| on: Slack was hacked You can change your pepper by double-peppering your existing password database: `scrypt(scrypt(scrypt(scrypt(password, salt), pepper2013), pepper2014), pepper2015)` https://blog.filippo.io/salt-and-pepper/

flurdy on March 27, 2015 [–]

Sounds like a maintenance nightmare. Need to ensure you keep your tongue straight when partitioning or restoring databases, migrating/splitting to new apps etc.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact