
Tokens are secrets.

Passwords are secrets.

Ed25519 private keys are secrets.

We hash passwords.

Thus we must hash tokens.

Should we therefore hash our Ed25519 private keys?



> Should we therefore hash our Ed25519 private keys?

No, but I'm of the opinion that you should encrypt private keys before storing them in a database.


What about the key that decrypts the private keys?


Encrypt that one too! Chelonia all the way down.


Isn't there a weird attack possible with publishing SHA512 hashes of Ed25519 private keys that Signify barely side-stepped?



