I think what was meant was that they don’t store a second hash in order to allow... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		guan on Jan 18, 2017 \| parent \| context \| favorite \| on: Facebook accepts slightly mis-typed passwords I think what was meant was that they don’t store a second hash in order to allow chopping off a character at the end. I agree with you that they would need to store extra hashes for allowing all-caps and some of the other cases.

3131s on Jan 18, 2017 [–]

No extra hashes needed for an all caps version or inverted case version of a password, just perform those transformations on the user input, hash, and compare the result to the single stored hash.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact