The initial argument for the expired method was to allow for continuous rehashing of passwords on sign up as they became too weak (as defined by days).
The problem with the current expired method is that it is actually cumbersome to use in practice during a sign in, as you would have to hash the same password twice given the way verify works.
The initial argument for the
expiredmethod was to allow for continuous rehashing of passwords on sign up as they became too weak (as defined bydays).The problem with the current
expiredmethod is that it is actually cumbersome to use in practice during a sign in, as you would have to hash the same password twice given the wayverifyworks.