what I would have naturally done without anticipating any flaw (and probably be ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		sscarduzio 7 months ago \| parent \| context \| favorite \| on: Okta Bcrypt incident lessons for designing better ... what I would have naturally done without anticipating any flaw (and probably be just OK): `cache_key = sha(sha(id + username) + bcrypt(pass))` with sha256 or something.

throwaway-9111 7 months ago [–]

Why not a simple sha(id + username + bcrypt(pass))

Is there any security issues with that? I'm a "newb" in this area, so I'm genuinely curious about the flaws with the naive approach

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact