Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The only downside I think of is that it's not possible to recover from an outage with just the code and a database backup.


I guess that is true, but if you store the encryption key in a secret store on Azure or AWS, I wouldn't really worry about that.

Maybe the real question is why use a pepper over encryption?

They have the same downside (as you mentioned) but at least you can change the encryption key without having all the users change passwords. I don't see any advantage in using a pepper over encryption, except maybe implementation complexity.


Pepper, encryption, they both guard against drive-bys, which can happen for sure (missing backups anyone?) but they're not the only thing that can happen.

Like any disaster preparedness situation, make sure your strategy doesn't count on an asset you've already listed as unavailable.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: