
Okta Bcrypt incident lessons for designing better APIs


Hello there! If you follow tech news, you might have heard about the Okta security incident that was reported on 1st of November. The TL;DR of the incident: the Bcrypt algorithm was used to generate a cache key by hashing a combined string of userId + username + password.

I decided to check other Google results, and the next Java library in the list was bcrypt from Patrick Favre (link to GitHub repo) with 513 stars and the last release version 0.10.2 (so, not stable) from 12th of February 2023 (almost 2 years old). What makes things worse is the fact that Bcrypt is used in the domain of security and sensitive data, and, as we can see, most of the tools mentioned above use "password" as the name of the input parameter of the hashing method. The hard truth is that, on average, the industry today requires a wide spectrum of knowledge rather than a deep one (check any job opening to verify that claim).
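The failure mode behind the incident, as an added example written for this page (it is not the author's code and not the API of any library mentioned above): bcrypt uses only the first 72 bytes of its input, so once userId + username alone already exceed 72 bytes, the password no longer influences the hash and two different passwords yield the same cache key. The example then shows the two API-design responses a library or caller can take: reject inputs the algorithm cannot fully use, or bind every field into a fixed-length digest before the 72-byte step. Everything here is an assumption for illustration: `bcrypt_like` is a deterministic stand-in that models only bcrypt's truncation (it is not bcrypt and must not be used as one), and the userId, username and pepper values are constructed.

```python
"""Model of the cache-key failure and two safer API designs.

NOTE: `bcrypt_like` is NOT bcrypt. It is a deterministic stand-in that
reproduces only one documented property of bcrypt: the input is silently
cut to its first 72 bytes before hashing. It exists so the example runs
offline and the collision is visible; real deployments use real bcrypt.
"""
import hashlib
import hmac

BCRYPT_MAX_INPUT_BYTES = 72  # bcrypt's documented input limit


def bcrypt_like(password: bytes) -> str:
    """Stand-in for bcrypt: only the first 72 bytes of `password` matter."""
    truncated = password[:BCRYPT_MAX_INPUT_BYTES]
    return hashlib.sha256(truncated).hexdigest()


def naive_cache_key(user_id: str, username: str, password: str) -> str:
    """The pattern from the incident: hash(userId + username + password)."""
    combined = (user_id + username + password).encode("utf-8")
    return bcrypt_like(combined)


def strict_password_hash(password: bytes) -> str:
    """API-design fix 1: refuse inputs the algorithm would silently cut."""
    if len(password) > BCRYPT_MAX_INPUT_BYTES:
        raise ValueError(
            f"input is {len(password)} bytes; bcrypt uses only the first "
            f"{BCRYPT_MAX_INPUT_BYTES}, so the remainder would be ignored")
    return bcrypt_like(password)


def prehashed_cache_key(user_id: str, username: str, password: str,
                        pepper: bytes) -> str:
    """API-design fix 2: bind all fields into a fixed-length digest first.

    HMAC-SHA256 over a length-prefixed encoding is always 32 bytes, well
    below the 72-byte limit, so no field can push another past the cut.
    Length prefixes also remove ambiguity such as ("ab","c") == ("a","bc").
    """
    mac = hmac.new(pepper, digestmod=hashlib.sha256)
    for field in (user_id, username, password):
        data = field.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big"))
        mac.update(data)
    return bcrypt_like(mac.digest())


# Constructed sample input: a username long enough that userId + username
# alone already fill the 72 bytes the hash will look at (19 + 60 = 79).
USER_ID = "00u1234567890abcdef"   # 19 bytes, constructed
LONG_USERNAME = "a" * 60          # 60 bytes, constructed
PEPPER = b"constructed-server-side-secret"  # constructed


def demonstrate() -> dict:
    """Report whether each design still distinguishes two different passwords."""
    naive_same = (naive_cache_key(USER_ID, LONG_USERNAME, "correct horse")
                  == naive_cache_key(USER_ID, LONG_USERNAME, "wrong password"))
    fixed_same = (prehashed_cache_key(USER_ID, LONG_USERNAME, "correct horse", PEPPER)
                  == prehashed_cache_key(USER_ID, LONG_USERNAME, "wrong password", PEPPER))
    try:
        strict_password_hash((USER_ID + LONG_USERNAME + "correct horse").encode("utf-8"))
        strict_rejected = False
    except ValueError:
        strict_rejected = True
    return {
        "naive_collides": naive_same,             # True: password was cut off
        "prehashed_collides": fixed_same,         # False: every field is bound
        "strict_rejects_long_input": strict_rejected,  # True: caller is told
    }


if __name__ == "__main__":
    print(demonstrate())
```

The design point for a library author is the middle function: a parameter named `password` that silently drops everything after byte 72 is exactly the contract the incident tripped over, and either raising on over-long input or documenting and enforcing a pre-hash makes the limit visible at the call site instead of in an incident report.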
