Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That is the standard in the password libraries really. passlib uses thousands of rounds of sha-256, so does glibc, etc.

Unless they implemented the whole thing from scratch, they wouldn't be using a single run of sha-256. It's not impossible, but I'd say at this point it's unlikely they're doing something silly - it would be a job terminating mistake for whoever implemented the new system after the last fiasco.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: