taurknaut on Feb 6, 2025 | on: Okta Bcrypt incident lessons for designing better ...
Maybe it should. Discarding the rest of the bytes works fine for passwords, though. I guess that's just not sufficient.
pclmulqdq on Feb 6, 2025
In my book, discarding entropy is a generally dumb thing to do. Passwords are usually under 72 chars, but a lot of people use concatenations of usernames and passwords in their hash to get guaranteed domain separation between users.
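An added example, not written by either commenter or taken from any project the thread discusses: it models the 72-byte cutoff on a concatenated username and password, next to a fixed-length pre-hash that keeps every input byte. The separator, the HMAC-SHA256 pre-hash, the key and the account names are assumptions made for this illustration, and the truncation is modelled with a slice rather than a real bcrypt call.

```python
import base64
import hashlib
import hmac

BCRYPT_MAX = 72  # bytes of input that bcrypt actually uses


def bcrypt_effective_input(data: bytes) -> bytes:
    """Model of the truncation: the bytes bcrypt would actually hash."""
    return data[:BCRYPT_MAX]


def naive_input(username: str, password: str) -> bytes:
    """Username and password concatenated for per-user domain separation."""
    return (username + ":" + password).encode("utf-8")


def prehashed_input(username: str, password: str, key: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, base64-encoded.

    The result is always 44 ASCII bytes, so nothing falls past byte 72
    and the value contains no NUL bytes.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (username, password):
        raw = field.encode("utf-8")
        mac.update(len(raw).to_bytes(4, "big") + raw)
    return base64.b64encode(mac.digest())


def same_hash_input(a: bytes, b: bytes) -> bool:
    """True when bcrypt would see identical bytes for both inputs."""
    return bcrypt_effective_input(a) == bcrypt_effective_input(b)


# Constructed sample data, not taken from any real system.
KEY = b"constructed-demo-key"
LONG_USER = "svc-" + "a" * 68 + "@example.test"  # 85 bytes, already past 72
SHORT_USER = "alice"

if __name__ == "__main__":
    for user in (SHORT_USER, LONG_USER):
        naive = same_hash_input(naive_input(user, "correct horse"),
                                naive_input(user, "wrong"))
        fixed = same_hash_input(prehashed_input(user, "correct horse", KEY),
                                prehashed_input(user, "wrong", KEY))
        print(f"{len(user):3d}-byte username: naive collides={naive}, "
              f"pre-hashed collides={fixed}")
```
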