1. 5

Scared to disclose? It’s too weak.


  2. 3

    I think putting it on the signup page is a bit much, but having it in the privacy policy would probably make sense. For Pushover I’ve always had something in the FAQ that explains how the internals work.

    Lobste.rs (and everything I’ve written that has user authentication in the past many years) uses bcrypt if anyone cares.

    1. 1

      Only good sites will do this anyway.

      1. 1

        Yes, but if the good sites all did post their storage scheme, then I would think twice about registering. As it is now, I have no way to be assured that my account with any given service is safe.

        1. 1

          Maybe. I don’t think it’ll get enough traction to make this a useful heuristic.