undefined | Better HN

0 pointsrandm_prgrmr15y ago0 comments

"Salting" it in that way doesn't increase your security by much? If they looked at your password, once they obtained it, how long would it take them to figure out what you were doing, and thereby be able to derive all your other passwords?

0 comments

1 comments · 1 top-level

vrish8815y ago

True, if someone were able to get your username and password for a site they may be able to figure out your hashing scheme. But what if someone compromises an entire database? They would use a bot to go out and see what they can access with the given usernames and passwords as is.

The suggested password strategy helps to protect against the later case.

j / k navigate · click thread line to collapse