Re: Why trust any third party?
d3rrial wrote:
"why not use "considerdollarbaseready fARSEbook" as password directly instead of hashing it first? It's not like you're adding anything to the password, that would make it safer, by hashing it"
Because he does not know how the site stores the password, and there are plenty of lamentable examples. If they store a plaintext (or decryptable) version then this will make your 'root' phrase and method apparent, putting your other passwords at much greater risk.
By hashing the 'password' the root is not revealed. There may still be security weaknesses - but this may be an adequate (for this user) compromise between security and convenience.
Biting the hand that feeds IT
