
Kudos to Django because this is very important

Like in the bcrypt discussion saying you can tune the amount of work. Sure, but what to do with the existing hashes!

Of course, the user needs to retype their keys, but it's better than keeping old credentials.

(or maybe you save the original credentials with strong PK crypto, together with the hash, then periodically decrypt offline and rehash)



In regard to "what to do with the existing hashes": bcrypt can detect the original work factor and hash to that. Not sure how you would upgrade that for users, however.



