A hash is a crypto primitive, it's not what you use for that. If you want to sto... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		stavros on June 14, 2013 \| parent \| context \| favorite \| on: Don’t Hash Secrets (2008) A hash is a crypto primitive, it's not what you use for that. If you want to store a password, you use a KDF. If you want to fake-sign, you use an HMAC with a secret. You don't use a hash, just like you don't use plain AES to encrypt a file.

finnw on June 14, 2013 [–]

> don't use plain AES to encrypt a file

What does "plain" mean in this context? (If you mean ECB then you are right, but it is ambiguous.)

stavros on June 14, 2013 | [–]

I mean a mode without authenticated encryption:

http://en.wikipedia.org/wiki/Authenticated_encryption

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact