On Sat, Feb 6, 2010 at 5:11 PM, Matt Lyon <[email protected]> wrote:
> +1 to using a password scheme that allows for future extensibility
> and/or change.
I'd love to hear people's ideas about what schema to store the passwords in:
maybe something like this in the _user doc:
{
credentials : {
type : "bcrypt",
whatever else
}
}
>
> As to why storing passwords as a hashed signature (even with a salt),
> this has been making its rounds through the ruby community recently:
> http://codahale.com/how-to-safely-store-a-password/
>
> just because a hash signature is a one-way function doesn't mean it's
> necessarily cryptographic.
>
--
Chris Anderson
http://jchrisa.net
http://couch.io
