A million guides preaching to use bcrypt instead of SHA1, not one with procedures to increase cost as time passes. Am I missing something?
@triskweline Start with a generous enough factor (e.g. the default), upgrading in place is about 3 lines of code 5-10 years from now.
@patio11 Do you know if I'll be able to buff my existing hashes in 5 years? Since I won't have the clear passwords from which they came.
@triskweline Yes. You wait until someone tries to log in and if they succeed re-save their password with a higher factor.
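The upgrade-on-login approach described in the reply above, as an added example that is not part of the original thread. It uses PBKDF2 from the Python standard library as a stand-in for bcrypt so it runs without third-party packages; the stored string carries its own cost the way a bcrypt hash does. The names `TARGET_COST`, `hash_password`, `verify`, `cost_of` and `login` are hypothetical, and the cost values are constructed for a quick demo, not a recommendation.

```python
import base64
import hashlib
import hmac
import os

# Cost the application wants today (log2 of PBKDF2 iterations). Raise it over time.
TARGET_COST = 12  # constructed demo value

def hash_password(password, cost=TARGET_COST):
    """Return 'pbkdf2$<cost>$<salt>$<digest>' so each hash records its own cost."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1 << cost)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return "$".join(["pbkdf2", str(cost), b64(salt), b64(digest)])

def cost_of(stored):
    return int(stored.split("$")[1])

def verify(password, stored):
    """Recompute with the cost and salt embedded in the stored hash."""
    _, cost, salt, digest = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), base64.b64decode(salt), 1 << int(cost))
    return hmac.compare_digest(candidate, base64.b64decode(digest))

def login(users, name, password):
    """Check the password; on success, re-save it if its cost is below target."""
    stored = users.get(name)
    if stored is None or not verify(password, stored):
        return False
    if cost_of(stored) < TARGET_COST:
        # The cleartext exists only during this request, so upgrade now.
        users[name] = hash_password(password)
    return True

if __name__ == "__main__":
    users = {"alice": hash_password("hunter2", cost=10)}  # constructed old hash
    print(cost_of(users["alice"]), login(users, "alice", "hunter2"),
          cost_of(users["alice"]))
```

Accounts that never log in again keep their old cost, so the stored cost is also a way to find hashes that were never upgraded.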