Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Because I don't want the developers of your site to be able to find out the password I also use on other sites.


So you trust the developers of a web site's word that they hashed your password, because you don't trust them to not look at it? You trust someone's word that they're not doing something you don't trust them not to do?

Right. Anyway, for future reference, just remember that if you send your password to someone, and they want to look at it for some reason, they can, regardless of their (claimed) database/authentication design.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: