
According to the Postgres documentation, CHKPass is implemented on top of the crypt() Unix function.

More details would be welcome... What hashing function are you using at Heroku? Short of bcrypt, all it gives is a false sense of security.

As is, it sounds more dangerous than useful.



There are plenty of reasonable options besides bcrypt, including PBKDF2 and scrypt.


To that mind, the post has been amended to drop support for that one extension. Unless you have a great use case, it seems like the consensus is "do not use chkpass".

pgcrypto should have everything one needs and probably a few more things.
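As an added illustration of the pgcrypto route mentioned above (not part of the thread, and not Heroku's code): storing and verifying passwords with pgcrypto's `crypt()` and `gen_salt('bf', ...)`, next to the 8-character limit of the traditional DES scheme. The table, column names, sample account and cost factor of 12 are assumptions made for the example.

```sql
-- Added example. Table/column names and the sample account are hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TABLE app_user (
    id      bigserial PRIMARY KEY,
    email   text NOT NULL UNIQUE,
    pw_hash text NOT NULL          -- full crypt() output: algorithm, cost, salt, hash
);

-- Store: gen_salt('bf', 12) produces a fresh random bcrypt salt with cost
-- factor 12 (assumed value; tune it to your hardware). The salt and cost
-- are embedded in the resulting hash string, so no separate salt column.
INSERT INTO app_user (email, pw_hash)
VALUES ('alice@example.test',
        crypt('correct horse battery staple', gen_salt('bf', 12)));

-- Verify: pass the stored hash as the "salt" argument. crypt() reads the
-- algorithm, cost and salt back out of it and recomputes the hash.
-- One row returned means the password matched.
SELECT id
FROM   app_user
WHERE  email   = 'alice@example.test'
AND    pw_hash = crypt('correct horse battery staple', pw_hash);

-- Audit: find hashes that were not created with the current bcrypt cost,
-- so they can be re-hashed at the user's next successful login.
SELECT id, email
FROM   app_user
WHERE  pw_hash NOT LIKE '$2a$12$%';

-- Contrast: a two-character salt selects traditional DES crypt, which only
-- considers the first 8 characters of the password. These two constructed
-- passwords share their first 8 characters.
SELECT crypt('password1',   'ab')
     = crypt('passwordXYZ', 'ab') AS des_ignores_tail;
```

The plaintext password still travels to the database in the query text, so statement logging and connection encryption settings matter when hashing server-side like this.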



