Hi again, On Sat, Feb 4, 2017 at 10:27 PM, Yasuo Ohgaki <yohg...@ohgaki.net> wrote:
> Hi Andrey, > > On Sun, Feb 5, 2017 at 3:21 AM, Andrey Andreev <n...@devilix.net> wrote: > >> Have *you* read anything else in the RFC? >> >> The reason why its authors have to recommend salt usage is because it is >> *otherwise the only optional part of the algorithm*. >> > > Nonsense. You misread the RFC and my mail. > Who stores plain text password in db now a days? > It should be crypt() or hash_password(). > > The RFC obviously recommends salt for improved security. > It's even clear from your misunderstood usage, plain text password ikm. > > Speaking of nonsense, I need you to point out where have I ever suggested using passwords - hashed or not - as IKM. At this point it's not even about misunderstandings. You are literally making things up. Cheers, Andrey.
