
Salting won't work in this particular case. You need to match plaintext against a blacklist. Salt per entry is too expensive, salt per blacklist is exploitable.


Were it a small company, we would try sharding salts + increasing the number of rounds of scrypt or some mix with a bloom filter.

However, this is Facebook. It's not too expensive for them.
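
The cost tradeoff discussed in the comments above, as an added example that is not part of either comment or of any Facebook code. It reads "sharding salts" as one salt per group of entries, which is an assumption, as are the class name, the sample entries and the toy scrypt parameters; the bloom filter idea is not covered.

```python
import hashlib
import os

KDF_CALLS = 0  # counts scrypt evaluations so each scheme's cost is visible

def kdf(value: bytes, salt: bytes) -> bytes:
    global KDF_CALLS
    KDF_CALLS += 1
    # Toy cost parameters so the demo runs quickly (assumption, not a recommendation).
    return hashlib.scrypt(value, salt=salt, n=2**4, r=8, p=1, dklen=32)

class ShardedBlacklist:
    """Hypothetical store: shards=1 is salt per blacklist, shards=len(entries) is salt per entry."""

    def __init__(self, entries, shards):
        self.shards = [(os.urandom(16), set()) for _ in range(shards)]
        for i, entry in enumerate(entries):
            salt, digests = self.shards[i % shards]
            digests.add(kdf(entry, salt))

    def contains(self, candidate: bytes) -> bool:
        # The candidate's shard is unknown, so each salt is tried in turn.
        return any(kdf(candidate, salt) in digests for salt, digests in self.shards)

    def entries_per_guess(self) -> int:
        # With a leaked copy, one KDF call checks a guess against this many entries.
        return max(len(digests) for _, digests in self.shards)

def lookup_cost(blacklist, candidate):
    """Return (found, number of KDF calls the lookup needed)."""
    before = KDF_CALLS
    found = blacklist.contains(candidate)
    return found, KDF_CALLS - before

ENTRIES = [b"entry-%d" % i for i in range(8)]  # constructed sample data

if __name__ == "__main__":
    for shards in (1, 4, len(ENTRIES)):
        bl = ShardedBlacklist(ENTRIES, shards)
        found, cost = lookup_cost(bl, b"not-listed")
        print(shards, "shards:", cost, "KDF calls per miss,",
              bl.entries_per_guess(), "entries per guess")
```

More shards raise the defender's per-lookup cost linearly while shrinking how many entries a single offline guess can be checked against.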



