What Okta Bcrypt incident can teach us about designing better APIs
#readings@ilyosshares
The Bcrypt algorithm was used to generate the cache key where we hash a combined string of userId + username + password. Under a specific set of conditions, listed below, this could allow users to authenticate by providing the username with the stored cache key of a previous successful authentication.
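One concrete way a concatenated cache key like the one above stops depending on the password is bcrypt's input limit: bcrypt uses only the first 72 bytes of its input, so once userId + username fills those bytes the password is never hashed at all. The following is an added example, not code from the page or from Okta; it models that truncation on top of PBKDF2 (real bcrypt is not reimplemented), with constructed identifiers and salt, and contrasts the plain concatenation with a length-framed, pre-hashed input.

```python
import hashlib
import hmac

# bcrypt uses only the first 72 bytes of its input; anything after that is
# silently ignored. Constants and identifiers below are constructed for
# this example and are not Okta's or any library's.
BCRYPT_MAX_INPUT = 72


def model_bcrypt(data: bytes, salt: bytes) -> bytes:
    """Stand-in for bcrypt: PBKDF2 applied to the input *after* the same
    72-byte truncation bcrypt performs. Real bcrypt is not reimplemented."""
    return hashlib.pbkdf2_hmac("sha256", data[:BCRYPT_MAX_INPUT], salt, 10_000)


def cache_key_concat(user_id: str, username: str, password: str, salt: bytes) -> bytes:
    """The scheme described above: hash the plain concatenation
    userId + username + password. If the first two fields already fill
    72 bytes, the password never reaches the hash function."""
    combined = (user_id + username + password).encode()
    return model_bcrypt(combined, salt)


def cache_key_framed(user_id: str, username: str, password: str, salt: bytes) -> bytes:
    """Hardened variant: length-prefix each field (so no field boundary is
    ambiguous) and pre-hash to a fixed 64-byte hex string that fits under
    the 72-byte limit and contains no NUL bytes (bcrypt stops at NUL)."""
    def framed(field: str) -> bytes:
        raw = field.encode()
        return len(raw).to_bytes(4, "big") + raw

    pre = hashlib.sha256(framed(user_id) + framed(username) + framed(password))
    return model_bcrypt(pre.hexdigest().encode(), salt)


def password_contributes(key_fn, user_id: str, username: str, salt: bytes) -> bool:
    """Property check: two different passwords for the same user must yield
    different cache keys. False means the key is password-independent."""
    a = key_fn(user_id, username, "correct-password", salt)
    b = key_fn(user_id, username, "completely-wrong", salt)
    return not hmac.compare_digest(a, b)


if __name__ == "__main__":
    salt = b"constructed-salt"
    long_name = "x" * 70  # together with the userId this exceeds 72 bytes
    print("concat, short username:", password_contributes(cache_key_concat, "00u1", "alice", salt))
    print("concat, long username :", password_contributes(cache_key_concat, "00u1", long_name, salt))
    print("framed, long username :", password_contributes(cache_key_framed, "00u1", long_name, salt))
```

The `password_contributes` check is the kind of property test that would have caught the scheme before deployment: any input shape for which it returns False is a cache key that accepts every password.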