Password Hashing and Salting

Discussions focus on the importance of properly hashing and salting passwords for security, debating whether a breach involved unsalted hashes vulnerable to rainbow table attacks and recommending practices like bcrypt.

📉 Falling 0.3x Security
Comments: 7,507
Years Active: 20
Top Authors: 5
Topic ID: #4210

Activity Over Time

2007: 25
2008: 82
2009: 229
2010: 326
2011: 560
2012: 917
2013: 687
2014: 488
2015: 489
2016: 616
2017: 355
2018: 476
2019: 383
2020: 469
2021: 401
2022: 330
2023: 290
2024: 232
2025: 149
2026: 3

Keywords

PBKDF2 DateTime SHA1 HN OK MD5 LinkedIn github.com hashers.py QA password hash salt md5 passwords hashed hashing bcrypt secure plaintext

Sample Comments

tr33house Mar 26, 2022

hashing and salting wouldn't really have helped in this situation

fleitz Feb 25, 2011

From the information available it appears the passwords were hashed but not salted.

poizan42 May 6, 2015

Use a salted hash like everybody else does with passwords?

voidfunc Dec 25, 2022

Doesn't this assume the passwords aren't hashed and salted?

growt Oct 6, 2021

If they are properly hashed and salted, they can not.

Tiddles-the2nd May 4, 2022

That's the point, take a look into salting + hashing passwords

crocowhile May 9, 2011

Nope they don't know your password, they just have the salted hash.

nicwolff Sep 10, 2015

Why not, since you're only storing a fixed-length hash of the password?

TeMPOraL May 25, 2018

Hashing should be done with salt for precisely that reason.

TheLoneWolfling Mar 25, 2015

That's secure as long as the hash is (securely) salted.