From 331c9730130708d39911c54d1de73c3cff09c8da Mon Sep 17 00:00:00 2001 From: Ben Burwell Date: Sun, 18 Jan 2015 16:06:48 -0500 Subject: Updated accounts/passwords article to include bcrypt --- ...ur-website-is-not-special-dont-make-visitors-make-accounts.markdown | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to '_posts') diff --git a/_posts/2015-01-16-your-website-is-not-special-dont-make-visitors-make-accounts.markdown b/_posts/2015-01-16-your-website-is-not-special-dont-make-visitors-make-accounts.markdown index 31ac7b7..fddac2c 100644 --- a/_posts/2015-01-16-your-website-is-not-special-dont-make-visitors-make-accounts.markdown +++ b/_posts/2015-01-16-your-website-is-not-special-dont-make-visitors-make-accounts.markdown @@ -22,8 +22,7 @@ And if you do offer accounts, here are a couple of rules to follow to ensure a g Of course, there are technical details that you need to be watching out for that are outside the scope of this post. I'll leave it to you to make sure your implementation is secure and robust, but I'll leave you with a few general tips: * Don't invent your own crypto. This applies to protocols, hashing, encryption, everything. -* Use salt. -* Use a slow, secure hash function like SHA-256. Don't use MD5! +* Use [bcrypt](http://codahale.com/how-to-safely-store-a-password/). Don't use MD5! * Using unsecured HTTP (no SSL/TLS) is inexcusable. * Don't invent your own crypto. * *Don't invent your own crypto.* -- cgit v1.2.3
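Review bot: The added bullet `* Use [bcrypt](...). Don't use MD5!` removes the "Use salt." advice without saying why it is no longer needed, and it keeps only MD5 as the named thing to avoid even though the line it replaces recommended SHA-256. bcrypt generates a per-password salt and stores it in the hash output, and its cost factor is what makes it slow, so a short clause to that effect would keep the reasoning the two deleted bullets were reaching for. Suggested wording: "Use bcrypt, which salts each password for you and has a tunable cost factor. Don't use a fast hash such as MD5 or plain SHA-256!" Minor style point on the same line: the link target is `http://`, directly above the bullet that calls unsecured HTTP inexcusable; use an `https://` URL if the linked site serves one.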