
I have a story about that based on real facts(TM): I once had to reset my own password on a production database and I decided to hash it by hand and UPDATE my row in the users table.

A few hours later we got a few calls from angry customers who couldn't log in. I had effectively forgotten the WHERE clause, so all users had the same password: mine.

Extra points for not having read the "xxx rows updated" line that the mysql console outputs after each query...
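The failure described in the comment above, reproduced as an added example (not the commenter's code; the site and its hashing scheme are unknown, so PBKDF2-HMAC-SHA256 and a per-row salt column are assumptions, and the three accounts are constructed test data). The unsafe function is the WHERE-less UPDATE from the story; the guarded version scopes the statement to one account and refuses to commit unless the affected-row count, the "N rows updated" line the console prints, is exactly one:

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts (not real users): each row carries its own random
# salt in a second column, the scheme the thread describes.
SAMPLE_USERS = ["alice", "bob", "carol"]
PBKDF2_ROUNDS = 10_000  # kept low so the example runs fast; raise it in production


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 is an assumption; the thread never names the site's scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table with a distinct salt and hash per row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL, "
        "pw_hash BLOB NOT NULL, salt BLOB NOT NULL)"
    )
    for name in SAMPLE_USERS:
        salt = os.urandom(16)
        conn.execute(
            "INSERT INTO users (name, pw_hash, salt) VALUES (?, ?, ?)",
            (name, hash_password(f"{name}-password", salt), salt),
        )
    conn.commit()
    return conn


def verify(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Constant-time comparison of the stored hash against a fresh one."""
    row = conn.execute("SELECT pw_hash, salt FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return False
    stored_hash, salt = row
    return hmac.compare_digest(stored_hash, hash_password(password, salt))


def count_distinct_hashes(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(DISTINCT pw_hash) FROM users").fetchone()[0]


class UnexpectedRowCount(Exception):
    """Raised, with the transaction rolled back, when a one-row UPDATE hits a different number."""


def update_exactly_one(conn: sqlite3.Connection, sql: str, params: tuple) -> int:
    """Run an UPDATE and commit only if exactly one row was affected.

    sqlite3's `with conn:` block commits on normal exit and rolls back if an
    exception escapes, so a WHERE-less UPDATE that touches the whole table
    never reaches disk. This is the programmatic version of reading the
    "N rows updated" line before moving on.
    """
    with conn:
        cur = conn.execute(sql, params)
        if cur.rowcount != 1:
            raise UnexpectedRowCount(f"expected 1 row, {cur.rowcount} affected; rolled back")
    return cur.rowcount


def reset_password_unsafe(conn: sqlite3.Connection, new_password: str) -> int:
    """The mistake from the story: hash and salt computed by hand, UPDATE with no WHERE.

    Every user ends up with the same salt and the same hash, i.e. the same password.
    Returns the number of rows changed.
    """
    salt = os.urandom(16)
    cur = conn.execute(
        "UPDATE users SET pw_hash = ?, salt = ?", (hash_password(new_password, salt), salt)
    )
    conn.commit()
    return cur.rowcount


def reset_password_safe(conn: sqlite3.Connection, name: str, new_password: str) -> int:
    """Scope the UPDATE to one account and refuse to commit unless exactly one row changed."""
    salt = os.urandom(16)
    return update_exactly_one(
        conn,
        "UPDATE users SET pw_hash = ?, salt = ? WHERE name = ?",
        (hash_password(new_password, salt), salt, name),
    )


if __name__ == "__main__":
    db = make_db()
    print("rows changed by the WHERE-less reset:", reset_password_unsafe(db, "hunter2"))
    print("bob logs in with the admin's new password:", verify(db, "bob", "hunter2"))
    db = make_db()
    print("rows changed by the guarded reset:", reset_password_safe(db, "alice", "hunter2"))
    try:
        update_exactly_one(db, "UPDATE users SET pw_hash = ?, salt = ?", (b"x", b"y"))
    except UnexpectedRowCount as exc:
        print("guard caught it:", exc)
```

The row-count guard is the transferable part: any hand-run UPDATE or DELETE on a production table belongs inside a transaction whose commit is conditional on the affected-row count matching what you intended, which catches a forgotten WHERE, a typo in the key, and a non-unique column all the same way.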




Technically they didn't have the same password, unless you're saying that your passwords aren't salted ;)


I updated the hash and the salt in the same query. They weren't salted against the user id or anything like that, just a second column for the salt, which is... common practice.


Where do you get that conclusion? There are a lot of ways the password could be literally the exact same string, yet still be salted and even peppered.


I like adding garlic to my passwords, gives them a kick!


Your response could be taken as a joke (made me laugh anyway!), but also seriously too. If it was serious, what do you use as garlic and why?


It was a joke, I'm not sure what garlic would be added to a password.



