README.md
@@ -17,6 +17,7 @@ NOTE: This repo is meant for a demonstration. It does not illustrate good securi
17
17
- Ask about the length of time that it took to hash their passwords (people can see this on their home page when they log in). Is it a good thing or a bad thing that the password hashing algorithm is super fast? Bad because it makes it easy to crack.
18
18
4. In `/admin`, delete the existing users, then change the hashing type to `argon2id`.
19
19
- Have people reload the page so they're logged out, then create a new account. Make sure there are 2 people who use the same password, and make sure someone uses a really common password.
20
+
- Explain that the salt is included as part of the hash.
20
21
-`argon2id` seems to be considered the best password hashing algorithm right now (`bcrypt` is good, but apparently not as good).
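Review bot: The added bullet "Explain that the salt is included as part of the hash" does not tell the presenter what the audience should look at, and it is not tied to the preceding bullet that sets up 2 people with the same password. Suggest linking the two: have people compare the stored hashes of the two accounts that share a password, point out that the strings differ because each account gets its own salt, and then show that the salt is carried inside the encoded `argon2id` string alongside the algorithm parameters. A wording such as "Compare the hashes of the 2 people with the same password: they differ because each has its own salt, which is stored as part of the hash string" would make the step self-explanatory. It would also help to say where the hash is visible (the home page or `/admin`), since the bullet assumes the presenter already knows.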