Why You Should Never Store Plaintext Passwords (And How Bcrypt Fixes That)
Last year I was doing a security audit on a legacy codebase and found a users table with passwords stored in plain SHA-256. No salt. No iteration. Just a straight hash. I ran a rainbow table against it and cracked 60% of the passwords in under four m...
zovo.hashnode.dev · 4 min read