undefined | Better HN

0 pointsmasklinn1y ago0 comments

Note that the "safe" version makes very bespoke choices: it prehashes only overlong password, and does so with hmac-sha512 (which it b64-encodes). So it would very much be incompatible with other bcrypt implementations when outside of the "correct space".

These choices are documented in the function's docstring, but not obvious, nor do they seem encoded in a custom version.

0 comments

jszymborski1y ago

Sounds like it would then make sense to hide crypto primitives and their footguns under a "hazmat" or "danger" namespace, sorta like webcrypto or libsodium.

So something like crypto.danger.bcrypt and crypto.bcryptWithTruncation

j / k navigate · click thread line to collapse

0 pointsmasklinn1y ago0 comments

These choices are documented in the function's docstring, but not obvious, nor do they seem encoded in a custom version.

0 comments

jszymborski1y ago

Sounds like it would then make sense to hide crypto primitives and their footguns under a "hazmat" or "danger" namespace, sorta like webcrypto or libsodium.

So something like crypto.danger.bcrypt and crypto.bcryptWithTruncation

j / k navigate · click thread line to collapse