"We mask passwords through a process called hashing using a function known as bcrypt, which replaces the actual password with a random set of numbers and letters that are stored in Twitter's system..." Is this how we're using the word "random" now?
-
p.s I don't mean the output to the BCrypt function is not deterministic (it is deterministic), I mean the output of BCrypt, to an attacker that doesn't know the plaintext password + salt, is supposed to be basically random. That's what I'm getting @
Yeah, I understand the intent. And the average Twitter user would get closer to the truth, and wouldn't question it.
-
-
I mean, the fact that twitter is still using BCrypt with SCrypt and Argon2id out is bad (BCrypt is 19 years old now!) and not as hard as it used to be on today's hardware. I think I'm more concerned about that personally.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Yes, I also get the intent, but there are better ways to explain it I suspect
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.