
I don't understand the confusion in the other replies here.

1) lowercase inputted password. 2) hash password 3) compare hash to db hash (which was from a lowercased initial password).



Because this isn't how they do it. That method is the same as the Blizzard method, and it is a lot less secure than transforming the plain text and trying the three different combinations (normal, uppercase first and capslock password).


Ah, sorry, I missed the top of this reply-thread. I was referring to the story, not Facebook. :-)
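
The two approaches debated in this thread, side by side, as an added example that is not part of any comment or of either site's code. The function names, the PBKDF2 parameters and the exact variant set (as typed, case inverted, first character's case flipped) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed value for the demo; tune for production


def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Scheme A (first comment): lowercase before hashing, at enrollment and login.
# Case is discarded for good, so every casing of the password is accepted.
def enroll_lowercased(password: str) -> tuple:
    salt = os.urandom(16)
    return salt, kdf(password.lower(), salt)


def verify_lowercased(typed: str, salt: bytes, stored: bytes) -> bool:
    return hmac.compare_digest(kdf(typed.lower(), salt), stored)


# Scheme B (second comment): hash the password exactly as chosen, then at
# login test a small fixed set of transformations of the typed plaintext.
def enroll_exact(password: str) -> tuple:
    salt = os.urandom(16)
    return salt, kdf(password, salt)


def candidates(typed: str) -> list:
    variants = [typed, typed.swapcase()]  # as typed; caps lock undone
    if typed:
        # undo an automatically capitalized (or lowercased) first character
        variants.append(typed[0].swapcase() + typed[1:])
    return list(dict.fromkeys(variants))  # drop duplicates, keep order


def verify_variants(typed: str, salt: bytes, stored: bytes) -> bool:
    ok = False
    for candidate in candidates(typed):  # no early exit on a match
        ok |= hmac.compare_digest(kdf(candidate, salt), stored)
    return ok
```

For a password with n cased letters, scheme A accepts all 2^n casings, while scheme B accepts at most three typed strings and leaves the stored hash fully case-sensitive.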



