
If you're just hashing with SHA2 and a salt, an attacker with a run-of-the-mill GPU could crack any given hash quite quickly. It might still take quite a bit of time to get all 143 million, but that's fine. Sell off the score in blocks of 10,000 and let the customer know they have to reverse the hashes themselves.

BCrypt with lots of rounds would be best.



Yes. You're correct of course. We should be treating these like passwords, except that they can't be rotated...



