vmarquet | 5 years ago

I think the term "peppering" is mostly used for server-side manipulation of the password, which the user is unaware of.

It would be very confusing to reuse this term for what is described in this article, so a new term like "Horcruxing" can be relevant. I like it.

inopinatus|5 years ago

I fear it may be unfair to expect most end-users to apply this scheme appropriately and consistently, and therefore recommend that it be known as mustard.

kortex|5 years ago

I was thinking currying, as it is both spice-themed and analogous to function currying in that you take your base password, curry it with the secret to get the submitted password.

chairmanwow1|5 years ago

I think I really disagree with you there. This is the same concept but applied client-side instead of server-side.

But “client-side peppering” won’t get you to the front page of HN..

molszanski|5 years ago

I would click “client-side peppering” over horxsomething, didn't read Harry Potter

tgb|5 years ago

I think these concepts are significantly different - as different as salts and peppers at least. Peppering helps protect against database access revealing password. Horcrux protects against password manager access. Peppering is stored on the server, but outside the database. Horcruxes are stored in the user's head. You could do both, one, or neither. Client-side peppering would be having part of your password outside of the password manager but still on your computer. If anything it's brain-side peppering.

kkirsche|5 years ago

Agreed. A common reason for shared terminology in computing is to encourage re-use of techniques; this is a great example of that.