obligatory bcrypt is not encryption
this post was submitted on 26 Oct 2024
114 points (93.8% liked)
Technology
72909 readers
3087 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
Correct but you also dont want an encrypted password. You want a hashed password.
this is true, and the name bcrypt can be misleading to non experts. i don’t blame them for getting this wrong in a pr statement 🤷♀️
Encrypted is also the word to make people feel safer.
bcrypt... with how many iterations? seems like an important detail
I don’t think I’d make that information public were I in their shoes. Wouldn’t that be a hint for anyone attempting to crack them?
no, it’s (usually) stored as a part of the hash
This is actually an optional thing, by default it will but it can be configured to be stripped, generally not a recommended thing though because it means that whenever you want to change the iteration count or the you need to force a password reset on every existing user
Pretty good disclosure text. There are much bigger companies that don't manage to be this clear.
The only nitpick I have is saying "encypted" with bcrypt, even though they clearly know that bcrypt only hashes things.
I'm willing to give him a pass on that one since they're probably worried that their General audience will understand the word encrypted but not understand the word hashed
What the hell is Club Penguin?
Habbo hotel for the little, little ones I think?
I guess you were born in the 2000s.....
Hey, I was born in the early 2000s and Club Penguin was huge when I was a kid! Everyone my age knows about it.
I was born in the late 1980s, can I know what it is?
Edit: Looks like a game. Are we assuming everyone in a technology community cares about video games? I’m a programmer but can’t get into video games at all.
I'm also a developer, online 24/7 since 1995 and have no idea.
Aren't you assuming everyone else can't care about video games because you don't?
Why does being a programmer matter? You're not implying that technology groups should care about programming I hope.
I’m explaining why I’m a programmer for some context why I’m interested in technology, not to argue that all programmers hate gaming.
I was replying against the smug “you must’ve been born in the 2000s” comment. I’m arguing that not everyone is into gaming just because this is a technology community, and to maybe drop the attitude because someone isn’t cOoL like them because they were born earlier. 🙄
They asked what's club penguin, the person made a joke about their age. Be reasonable.
I guess you were born in the 1950s, kids these days just don't know...
So what password hashing mechanism upgrades they implemented?
But didn't club penguin close doors ?
This is a clone version.
Ahh alright thanks