
With sane defaults, bcrypted passwords are "worthless" in the hands of a casual attacker.

Somebody would have to REALLY want to access your account and have SIGNIFICANT financial/computational resources to crack it. And that only gives them one password. Significant and independent work is required for each individual password.

On the other hand, there's nothing stopping a developer from doing something really dumb like setting bcrypt iterations to 1.



>> On the other hand, there's nothing stopping a developer from doing something really dumb like setting bcrypt iterations to 1.

I _really_ hope that doesn't turn out to be the case here.
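Both comments above turn on bcrypt's work factor. The tunable is the cost parameter embedded in every bcrypt hash string (`$2b$12$...`), and the number of expensive key-setup rounds is 2^cost, so each step down in cost halves what an attacker must spend per guess; most implementations refuse a cost below 4. An operator's first check for the "dumb default" scenario is therefore to audit the cost of the hashes actually stored. The following is an added example, not code from either commenter: a stdlib-only Python parser for the bcrypt modular-crypt format plus an audit that flags malformed hashes and any hash below a cost floor, reporting how many times cheaper per guess it is than that floor. The hash strings used in it are constructed (arbitrary salt and digest characters), and the floor of 12 and the `audit_hashes` / `parse_bcrypt` names are this example's own choices.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

# bcrypt uses its own base64 alphabet: "./" followed by A-Z, a-z, 0-9.
_B64 = "[./A-Za-z0-9]"
# $<variant>$<2-digit cost>$<22-char salt><31-char digest>
_BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$(" + _B64 + r"{22})(" + _B64 + r"{31})$"
)

# Range accepted by OpenBSD bcrypt and the common library bindings.
MIN_VALID_COST = 4
MAX_VALID_COST = 31


class BcryptHash(NamedTuple):
    variant: str   # "2", "2a", "2b", "2x" or "2y"
    cost: int      # log2 of the key-setup rounds
    salt: str
    digest: str

    @property
    def rounds(self) -> int:
        """Key-setup iterations performed for this cost: 2**cost."""
        return 1 << self.cost


def parse_bcrypt(value: str) -> BcryptHash:
    """Parse a stored bcrypt string; raise ValueError if it is not well formed."""
    m = _BCRYPT_RE.match(value)
    if m is None:
        raise ValueError("not a bcrypt modular-crypt string")
    variant, cost_txt, salt, digest = m.groups()
    cost = int(cost_txt)
    if not MIN_VALID_COST <= cost <= MAX_VALID_COST:
        raise ValueError(f"cost {cost} outside {MIN_VALID_COST}..{MAX_VALID_COST}")
    return BcryptHash(variant, cost, salt, digest)


def audit_hashes(stored: Dict[str, str], min_cost: int = 12) -> List[Tuple[str, str, str]]:
    """Return (label, finding, detail) for every hash that is malformed or below min_cost.

    'label' is whatever key the caller used (e.g. a username); hashes at or
    above the floor produce no finding.
    """
    findings = []
    for label, value in stored.items():
        try:
            h = parse_bcrypt(value)
        except ValueError as exc:
            findings.append((label, "malformed", str(exc)))
            continue
        if h.cost < min_cost:
            # Work per guess scales with 2**cost, so the ratio of rounds is
            # exactly how much cheaper each attacker guess becomes.
            factor = (1 << min_cost) // h.rounds
            findings.append((
                label,
                "weak-cost",
                f"cost {h.cost} ({h.rounds} rounds) is {factor}x cheaper per guess "
                f"than cost {min_cost} ({1 << min_cost} rounds)",
            ))
    return findings


# CONSTRUCTED sample records: salt/digest bodies are filler, not real hashes.
SAMPLE_STORE = {
    "alice": "$2b$12$" + "A" * 22 + "B" * 31,   # sane default cost
    "bob":   "$2b$04$" + "C" * 22 + "D" * 31,   # lowest cost bcrypt will accept
    "carol": "$2b$01$" + "E" * 22 + "F" * 31,   # "iterations to 1": libraries reject this
    "dave":  "5f4dcc3b5aa765d61d8327deb882cf99",  # not bcrypt at all (a bare MD5-looking hex)
}

if __name__ == "__main__":
    for label, kind, detail in audit_hashes(SAMPLE_STORE, min_cost=12):
        print(f"{label:6} {kind:10} {detail}")
```

Running the block prints one line each for `bob` (256x cheaper than cost 12), `carol` and `dave`; `alice` is silent. The same audit dropped into a migration script lets a site re-hash weak entries on the user's next successful login, when the plaintext is briefly available, without ever needing to crack anything itself.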



