Hacker News new | past | comments | ask | show | jobs | submit login

In which case they're not hashing the password properly, they're likely checking the plaintext password as it's sent over HTTPS.



They do not need to transmit plaintext passwords, they merely need to pick when and how to salt each password carefully.

What they can't do is randomly salt each stored password.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: