Hacker News new | past | comments | ask | show | jobs | submit login

Personally, I don't think I'm going to bother to change my password since it's a 64-character or so generated one for their site only and they don't have my credit card info. But I can see some reasons why I would care about the details of their encryption method. If it's MD5(pass+salt) then most people probably need to go change it, along with any other sites they're using that password at, and possibly mess up their evening a bit. If it's something silly but better like sha512(sha512(...(pass)...)) enough times such that it takes a good chunk of time for any password, or even better bcrypt, then most users can relax and change it when they can get around to it.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: