Note that the "safe" version makes very bespoke choices: it prehashes *only* ove... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		masklinn on Feb 5, 2025 \| parent \| context \| favorite \| on: Okta Bcrypt incident lessons for designing better ... Note that the "safe" version makes very bespoke choices: it prehashes only overlong password, and does so with hmac-sha512 (which it b64-encodes). So it would very much be incompatible with other bcrypt implementations when outside of the "correct space". These choices are documented in the function's docstring, but not obvious, nor do they seem encoded in a custom version.

jszymborski on Feb 5, 2025 [–]

Sounds like it would then make sense to hide crypto primitives and their footguns under a "hazmat" or "danger" namespace, sorta like webcrypto or libsodium.

So something like crypto.danger.bcrypt and crypto.bcryptWithTruncation

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact