
I guess because they didn't anticipate this flaw.


Also prehashing opens you up to another bcrypt flaw you need to be aware of: it stops at the first NUL byte, so you need to use some sort of binary-to-text encoding on top of the hash to ensure you don't have any of those in the data you ultimately hand off to bcrypt.
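
The NUL-byte issue from the comment above, as an added example that is not part of the thread and not any bcrypt library's code: it shows why a raw SHA-256 prehash is unsafe and a base64-encoded one is not. `c_string_view` is a hypothetical model of a NUL-terminated bcrypt API (no real bcrypt call is made), and the sample passwords are constructed.

```python
import base64
import hashlib
from itertools import count

BCRYPT_MAX = 72  # bcrypt uses at most 72 bytes of its input


def c_string_view(data: bytes) -> bytes:
    """Model (assumption) of what a NUL-terminated bcrypt API sees:
    the bytes before the first NUL, capped at 72 bytes."""
    return data.split(b"\x00", 1)[0][:BCRYPT_MAX]


def prehash_raw(password: str) -> bytes:
    """Unsafe prehash: raw 32-byte SHA-256 digest, which may contain NUL."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def prehash_encoded(password: str) -> bytes:
    """Safe prehash: base64 of the digest (44 ASCII bytes, never NUL)."""
    return base64.b64encode(prehash_raw(password))


def find_leading_nul_passwords(n: int, prefix: str = "constructed-pw-") -> list[str]:
    """Return n constructed sample passwords whose raw digest starts with NUL
    (about 1 in 256 inputs does)."""
    found = []
    for i in count():
        candidate = f"{prefix}{i}"
        if prehash_raw(candidate)[0] == 0:
            found.append(candidate)
            if len(found) == n:
                return found


if __name__ == "__main__":
    a, b = find_leading_nul_passwords(2)
    for pw in (a, b):
        raw, enc = prehash_raw(pw), prehash_encoded(pw)
        print(pw)
        print("  raw digest seen by bcrypt :", c_string_view(raw))  # empty
        print("  base64 digest seen by bcrypt:", c_string_view(enc))
```

With the raw digest both sample passwords reduce to the same empty input; with the base64 form each keeps its full 44 bytes, which is also under the 72-byte limit.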


It's astounding how bad the default API for Bcrypt is.


Thank you



