What is wrong with bcrypt?

#1
Hello guys!

On May 1st I received an email from GitHub saying that there was a bug that exposed the passwords of some users.

Today I received an email from Twitter talking about a very similar situation.

In both systems, the passwords that should be encrypted with bcrypt were saved "accidentally" as plaintext in log files.

What strikes me most is that this happened to two giant companies in the same situation.

Can any information security expert tell me what's going on?

#2
They left debug code in production, simple as that.

And there ain't nothing wrong with bcrypt; it's secure.
You should however use Argon2 instead, if you can.
http://php.net/manual/en/function.password-hash.php
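An added example, not part of either post above: a PHP sketch of the two points raised in the thread, keeping the plaintext password out of log lines and moving existing bcrypt hashes to Argon2id with `password_hash()`. The field names in `SENSITIVE_KEYS`, the helper names and the sample request are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical field names; adjust to the application's own form fields.
const SENSITIVE_KEYS = ['password', 'password_confirm', 'current_password', 'token'];

// Return a copy of request data that is safe to write to a log.
function redact_for_log(array $data): array
{
    $out = [];
    foreach ($data as $key => $value) {
        if (in_array(strtolower((string) $key), SENSITIVE_KEYS, true)) {
            $out[$key] = '[REDACTED]';
        } elseif (is_array($value)) {
            $out[$key] = redact_for_log($value); // nested structures too
        } else {
            $out[$key] = $value;
        }
    }
    return $out;
}

// Prefer Argon2id when this PHP build supports it, otherwise stay on bcrypt.
function preferred_algo()
{
    return defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_BCRYPT;
}

// Verify a login and, on success, produce an upgraded hash if the stored one
// uses an older algorithm. Returns [ok, newHash]; store newHash when non-null.
function verify_and_upgrade(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $algo = preferred_algo();
    $newHash = password_needs_rehash($storedHash, $algo)
        ? password_hash($password, $algo)
        : null;
    return [true, $newHash];
}

// Constructed sample request, not real data.
$request = ['username' => 'alice', 'password' => 'correct horse battery staple',
            'profile' => ['token' => 'abc123', 'lang' => 'en']];
// Log only the redacted copy; the raw password never reaches the log line.
error_log('login attempt: ' . json_encode(redact_for_log($request)));
$stored = password_hash($request['password'], PASSWORD_BCRYPT); // legacy bcrypt hash
[$ok, $upgraded] = verify_and_upgrade($request['password'], $stored);
echo password_get_info($upgraded ?? $stored)['algoName'], PHP_EOL;
```

Redaction by key name only covers structured data; a debug statement that dumps the raw request body bypasses it, so that kind of logging has to be removed or disabled in production as well.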

