[Catalyst] Outcome of the "Security issue with hashed passwords in C:P:A:Password"?
Andrew Rodland
andrew at cleverdomain.org
Sat Apr 10 06:54:46 GMT 2010

On Friday 09 April 2010 09:49:24 am Evan Carroll wrote:
> The vulnerability was never against salted_hash. I've since learned
> what Crypt::SaltedHash is; I just don't believe I have a reason to use
> it. Why would I want to use something that serializes the hash and
> password into one database column when I can simply store them
> separately?

Why would you want the complexity of storing them separately when you could do
it the way every other system on the planet does it? Why would you add
duplicate functionality that's inferior to what it duplicates?
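
The single-column layout under discussion, as an added example that is not part of the original message and is not code from Crypt::SaltedHash: a Python rendering of the `{SSHA}`-style format, assuming the stored value is a scheme tag followed by base64(digest || salt). The function names, the scheme table and the default salt length are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import os

# Scheme tag -> hashlib algorithm (assumed table). The tag travels with the
# stored value, so one column identifies the algorithm, the digest and the salt.
SCHEMES = {"{SSHA}": "sha1", "{SSHA256}": "sha256", "{SSHA512}": "sha512"}


def encode(password: str, scheme: str = "{SSHA256}", salt_len: int = 8) -> str:
    """Return scheme + base64(digest || salt) for a fresh random salt."""
    salt = os.urandom(salt_len)
    digest = hashlib.new(SCHEMES[scheme], password.encode() + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def split(stored: str):
    """Parse a stored value into (algorithm, digest, salt); ValueError if malformed."""
    end = stored.find("}")
    scheme = stored[: end + 1]
    if end < 0 or scheme not in SCHEMES:
        raise ValueError("unknown or missing scheme tag")
    algo = SCHEMES[scheme]
    try:
        raw = base64.b64decode(stored[end + 1:], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("payload is not valid base64") from exc
    size = hashlib.new(algo).digest_size
    if len(raw) <= size:
        raise ValueError("payload too short to contain a salt")
    # The digest length is fixed per algorithm; whatever follows is the salt.
    return algo, raw[:size], raw[size:]


def verify(password: str, stored: str) -> bool:
    """Recompute the digest with the embedded salt and compare in constant time."""
    try:
        algo, digest, salt = split(stored)
    except ValueError:
        return False
    candidate = hashlib.new(algo, password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)
```

Because the tag and salt are recovered from the value itself, rows written under different schemes can sit in the same column and still verify.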