homakov on Oct 6, 2015 | on: CBCrypt: Encrypt from the client rather than send ...
Credentials are encrypted with passphrase and seamlessly stored on the server by token=sha256(passphrase).
https://truefactor.io/
valarauca1 on Oct 6, 2015
Site gives me a login page. I make a login and I get no information about the service just user options.
Also where is the salt stored? SHA256 is pretty easy to brute force even salted.
homakov on Oct 6, 2015
Email itself is salt (or rather public part of passphrase). So from email+passphrase encryptionKey is derived using scrypt. So it's actually sha(scrypt(email+passphrase))
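The derivation described in the reply above, sha(scrypt(email+passphrase)), as an added example that is not part of the thread and not the service's own code. It assumes the email is passed as the scrypt salt, lower-cased, with cost parameters N=2^14, r=8, p=1 and SHA-256 as the outer hash; `BlobStore` and the sample accounts are hypothetical, and the ciphertext is a placeholder because the thread does not name the cipher.

```python
import hashlib

# Assumed scrypt cost parameters; the thread does not state the real ones.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def derive(email, passphrase):
    """Return (encryption_key, token) for token = sha256(scrypt(email, passphrase))."""
    key = hashlib.scrypt(
        passphrase.encode("utf-8"),
        salt=email.strip().lower().encode("utf-8"),  # email as salt (assumed normalisation)
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
        maxmem=64 * 1024 * 1024,
        dklen=32,
    )
    # The token is a one-way hash of the key: it can index the blob on the
    # server, but the key itself never has to leave the client.
    token = hashlib.sha256(key).hexdigest()
    return key, token


class BlobStore:
    """Hypothetical stand-in for the server: it holds tokens and opaque blobs only."""

    def __init__(self):
        self._blobs = {}

    def put(self, token, ciphertext):
        self._blobs[token] = ciphertext

    def get(self, token):
        return self._blobs.get(token)


def demo():
    """Store a blob for one constructed account, then try three lookups."""
    server = BlobStore()
    blob = b"<ciphertext produced client-side with the key>"  # placeholder
    _, token = derive("alice@example.com", "correct horse battery staple")
    server.put(token, blob)
    same = server.get(derive("Alice@Example.com", "correct horse battery staple")[1])
    wrong_pass = server.get(derive("alice@example.com", "wrong passphrase")[1])
    other_email = server.get(derive("bob@example.com", "correct horse battery staple")[1])
    return same == blob, wrong_pass, other_email


if __name__ == "__main__":
    print(demo())
```

Because the salt is the email, an offline guesser who obtains a token still pays one scrypt evaluation per candidate passphrase per account, and a table computed for one email cannot be reused for another.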