
There's some really good discussion of this going on on programming.reddit: http://www.reddit.com/r/programming/comments/ald1m/calling_c...



OW MY BRAIN. No, don't truncate SHA256 to SHA1 sizes. No, don't use MD5 to make your URLs shorter. No, DO NOT clear all of a user's signed cookies when an HMAC fails --- these aren't passwords, they're crypto secrets.



