Hacker News new | past | comments | ask | show | jobs | submit login

Is it really that difficult to upgrade all passwords with something like bcrypt(original md5)?



It's not that it's difficult; it's not a good idea. It does not increase randomness (entropy), and would probably decrease it. In that situation, update the hash with a new method upon login.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: