Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wherever you're storing the key, where it's inaccessible to attackers, just store the password.

I'm not even saying that keyed hashes are a bad idea. I'm saying they're orthogonal to the question being discussed on the thread.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: