[ https://issues.apache.org/jira/browse/COUCHDB-2066?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13902590#comment-13902590 ]
Jan Lehnardt commented on COUCHDB-2066: --------------------------------------- [~isaacs] I totally follow that train of though. But I also know that crypto is tricky and I don’t want to end up in a situation where we double XOR and then double ROT13 our PWs :) > Don't allow stupid storage of passwords > --------------------------------------- > > Key: COUCHDB-2066 > URL: https://issues.apache.org/jira/browse/COUCHDB-2066 > Project: CouchDB > Issue Type: Bug > Security Level: public(Regular issues) > Reporter: Isaac Z. Schlueter > > If a password_sha/salt combination is PUT into the _users db, wrap that up in > PBKDF2. > Discussion: > https://twitter.com/janl/status/434818855626502144 > https://twitter.com/izs/status/434835388213899264 > https://twitter.com/janl/status/434835614790586368 -- This message was sent by Atlassian JIRA (v6.1.5#6160)