
You misunderstand. You shouldn't have the password in memory. The password should basically never exist beyond the fractional second that you are validating it.



I know that. Which is why the hash should include just the password, and not a bunch of other data that would require having the password in plain text again just to let the user change something in their profile.
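The trade-off described in the comment above, as an added example that is not part of the thread: a hash that also covers a profile field stops verifying once that field changes, and the server cannot recompute it from the salt and hash alone. The helper names, the PBKDF2 parameters and the sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # sample value for the demo, not a tuning recommendation


def _kdf(material: bytes, salt: bytes) -> bytes:
    # Slow, salted derivation; only its output is ever stored.
    return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)


def enroll(password: str, bound_fields: tuple = ()) -> dict:
    """Build the stored record. bound_fields are profile values mixed into the hash."""
    salt = os.urandom(16)
    material = "\x00".join((*bound_fields, password)).encode()
    return {"salt": salt, "hash": _kdf(material, salt)}


def verify(record: dict, password: str, bound_fields: tuple = ()) -> bool:
    """Recompute the hash from the submitted password and compare in constant time."""
    material = "\x00".join((*bound_fields, password)).encode()
    return hmac.compare_digest(record["hash"], _kdf(material, record["salt"]))


def email_change_outcome() -> dict:
    """Change the e-mail address without the plaintext password, then try to log in."""
    password = "correct horse battery staple"                 # constructed sample
    old_email, new_email = "a@example.com", "b@example.com"   # constructed samples

    rec_a = enroll(password)                  # design A: hash covers the password only
    rec_b = enroll(password, (old_email,))    # design B: hash also covers the e-mail

    # The profile update happens here. The server holds only salt + hash,
    # so it has nothing from which to rebuild rec_b for new_email.
    return {
        "password_only_login": verify(rec_a, password),
        "bound_login_new_email": verify(rec_b, password, (new_email,)),
        "bound_login_old_email": verify(rec_b, password, (old_email,)),
    }


if __name__ == "__main__":
    print(email_change_outcome())
```
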



