Simon Willison’s Weblog

Subscribe

Don't Hash Secrets. A well written explanation from 2008 of why you must use hmac instead of raw SHA-1 when hashing against a secret.