If you store an individual character hashed then it is trivial to brute force it... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		benmmurphy on Feb 18, 2020 \| parent \| context \| favorite \| on: Ask HN: A major USA bank is storing passwords in c... If you store an individual character hashed then it is trivial to brute force it. I don't think there is a bcrypt work factor that you could use that would prevent brute forcing but would allow the individual character to be used for authentication.

mrfredward on Feb 18, 2020 | [–]

And if you know the first character of a two character password, it's trivial to brute force the second, and so on...

chrismatheson on Feb 20, 2020 | [–]

i would definitely expect it to be less secure, but not exactly plain text?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact