Really? All I've been doing is just picking 8 random characters as a "salt", sti... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		meric on Nov 16, 2010 \| parent \| context \| favorite \| on: Cracking Passwords In The Cloud: Amazon’s New EC2 ... Really? All I've been doing is just picking 8 random characters as a "salt", sticking it to the password, and SHA-1 it, and you're saying its not secure? Uh oh.

pjscott on Nov 16, 2010 [–]

The good news is, there are libraries for bcrypt for most every major language out there, and they are extremely simple to use. Some languages also have scrypt libraries, which is even better. Either will be a huge improvement over plain salted SHA-1.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact