Regarding secure password storage

Regarding: [password storage](https://github.com/ByteByteGoHq/system-design-101#how-to-store-passwords-safely-in-the-database-and-how-to-validate-a-password)

I feel that simply saying "hash" here is a little... irresponsible. Without mention of actually having some kind of work factor/key derivation/key stretching ([owasp](https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#work-factors), [wiki: key derivation](https://en.wikipedia.org/wiki/Key_derivation_function), [wiki: key stretching](https://en.wikipedia.org/wiki/Key_stretching)) it seems like fairly poor advice. Recommending only "using a salt" seems entirely insufficient.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Regarding secure password storage #46

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Regarding secure password storage #46

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions