Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

  In our practice, password reset tokens and encrypted 
  session cookies continue to be the top source of 
  exploitable crypto vulnerabilities in web applications. 
  You don't need encryption to build either of these 
  features; send 128 bit random numbers that key a database  
  row instead.
That's what I wanted to hear - thank you.


Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: