
This is only a problem in the sense that once one hash has been cracked then so is the other; however, most authentication is done using some user/email attribute also.

Usually we fetch user/email, hash password, compare to hash in database - authenticate if match or deny if not.



So, no changing of email without changing the password then?


No, just require that the password is entered to change the user's email address. Then a new hash can be generated and stored.
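The login check and the e-mail change flow discussed in the comments above, as an added example that is not code from any commenter. It assumes the stored hash is bound to the e-mail address by mixing it into a random per-user salt; the function names, the in-memory `USERS` store and the PBKDF2 parameters are hypothetical choices for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor
USERS = {}            # constructed in-memory store: normalized e-mail -> (salt, hash)

def _norm(email):
    return email.strip().lower()

def _derive(email, password, salt):
    # Assumption: the e-mail is mixed into the salt, binding the hash to it.
    bound_salt = salt + _norm(email).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bound_salt, ITERATIONS)

def register(email, password):
    salt = os.urandom(16)
    USERS[_norm(email)] = (salt, _derive(email, password, salt))

def authenticate(email, password):
    # Fetch by e-mail, hash the supplied password, compare to the stored hash.
    record = USERS.get(_norm(email))
    if record is None:
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stored, _derive(email, password, salt))

def change_email(old_email, new_email, password):
    # The server never stores the plaintext password, so the hash can only be
    # regenerated when the user re-enters it; refuse the change otherwise.
    if _norm(new_email) in USERS or not authenticate(old_email, password):
        return False
    salt = os.urandom(16)
    USERS[_norm(new_email)] = (salt, _derive(new_email, password, salt))
    del USERS[_norm(old_email)]
    return True
```

Requiring the password on `change_email` also means a hijacked session alone cannot move the account to a different address.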



