by ikeboy 3661 days ago
If you're using different salts for each password and sending them from the server each time (the first option above), then my point still applies: the client would need to send the same password hashed to different salts, which may weaken security guarantees. (I don't know if any hash algorithms could be exploited using this, though.)