If the hashes are leaked, you could log in with them. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		shawnz on Dec 15, 2016 \| parent \| context \| favorite \| on: Yahoo discloses hack of 1B accounts If the hashes are leaked, you could log in with them.

XorNot on Dec 16, 2016 [–]

Well serverside you store them as plaintext equivalents - i.e. salt+hash the hash. So a leak doesn't leak the user-side.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact