kleinsch
14 hours ago
Author of this article learned a lot about password hashing, missed the detail that this was in logs, not the database. Usually you try to avoid logging passwords, you don’t hash them in logs.
appendix-rock
9 hours ago
Yup. A bunch of coverage is understating this point, and the peanut gallery commenters are taking it hook, line, and sinker. Accidentally logging plaintext passwords, whilst concerningly incompetent, is not on the same level as explicitly deciding to store plaintext passwords.