Welcome Guest, Not a member yet? Register   Sign In
What is wrong with bcrypt?

Hello guys!

On May 1st I received an email from GitHub saying that there was a bug that exposed the password of some users.

Today I received an email from Twitter talking about a very similar situation.

In both systems, the passwords that should be encrypted with bcrypt were saved "accidentally" as plaintext in log files.

What strikes me most is that this happened to two giant companies and the same situation.

Any information security expert know how to tell me what's going on?

They left debug code in production, simple as that.

And there ain't nothing wrong with bcrypt; It's secure.
You should however use Argon2 instead, if you can.

Theme © iAndrew 2016 - Forum software by © MyBB