I thought that the Password+Site combo assumed the usage of SHA1 or MD5, though ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

pyre on March 1, 2010 | parent | context | favorite | on: Password Chart

I thought that the Password+Site combo assumed the usage of SHA1 or MD5, though I know that this doesn't work for some sites (with max password limits). Maybe CRC32 in those cases?

dfox on March 2, 2010 [–]

CRC32 is bad way to hash anything, if you want secure hash of some obscure length, just truncate output of say SHA-256 (by the way, SHA-224 is exactly this: truncated output of SHA-256).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact