Disclosing password hashing policies
Running a web app? Would you voluntarily share how your web app stores passwords? Some companies indeed do disclose, like Facebook, Twitter, and 1Password to name just a few. Some disclose involuntarily. Some don't share at all, because they don't care. They feel that it will make them more vulnerable. Here's why you should disclose and how.