Timeline for Is my developer's home-brew password security right or wrong, and why?
Current License: CC BY-SA 3.0
7 events
| when | what | action | by | license / comment | |
|---|---|---|---|---|---|
| May 23, 2017 at 12:40 | history | edited | CommunityBot | replaced http://stackoverflow.com/ with https://stackoverflow.com/ | |
| Dec 19, 2012 at 14:56 | comment | added | Sarel Botha | @jmoreno, right, which is why I said 'probably'. The main point is that the hashing must take time. | |
| Dec 18, 2012 at 22:13 | comment | added | Thomas | @jmoreno In general, security by obscurity is perceived as a crutch for poor cryptography practices, and it often is. That doesn't mean it doesn't have value - it does have its uses, but in this situation it is not warranted. | |
| Dec 18, 2012 at 22:02 | comment | added | jmoreno | @Thomas: true, and the reason for rejecting bcrypt is simply unsupportable, but that doesn't mean that your code can't add (or remove) value from using the standard libraries and practices. | |
| Dec 18, 2012 at 20:39 | comment | added | Thomas | @jmoreno Still doesn't justify his useless scheme. | |
| Dec 18, 2012 at 16:48 | comment | added | jmoreno | Just because they can access the DB, does not mean they have access to his code. | |
| Dec 18, 2012 at 16:22 | history | answered | Sarel Botha | CC BY-SA 3.0 |