
They're using SRP, which dictates that they're storing passwords (relatively) securely on their side. You don't have to guess; this stuff has been reversed.



Storing un-hashed passwords (encrypted or otherwise)?

I'm largely unaware of crypto outside of the general "use bcrypt" webapp cases. SRP is a fairly unknown field to me.

Edit: never mind, you more or less confirmed this question further down this thread [1] and [2].

[1] http://news.ycombinator.com/item?id=4022996

[2] http://news.ycombinator.com/item?id=4023034



