by thegreatpl 3389 days ago
Actually, passwords should never be hashed client side. Otherwise, a man-in-the-middle attack could intercept the hash and get your password, allowing them to log in. Instead, the password should be encrypted to the server, and hashed there.

If a MitM attack can get my hash, what do you think they can get if I send the password to be hashed by the server?
So what does your hash add?
Verifiable protection against data breaches.
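
The trade-off argued in this thread, as an added example that is not part of any comment: whatever the client sends (raw password or client-side hash) is the credential on the wire, and what the server stores decides whether a leaked record is also a credential. The `Server` class, `client_prehash`, the user name, the site string and the PBKDF2 work factor are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITER = 100_000  # assumed work factor, chosen only for this example


def client_prehash(password: str, site: str) -> bytes:
    """Hypothetical client step: derive a site-bound value so the raw
    password itself never leaves the client."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), site.encode(), ITER)


class Server:
    """Toy verifier. hash_on_server=False stores the received value as-is;
    hash_on_server=True stores a salted slow hash of it."""

    def __init__(self, hash_on_server: bool):
        self.hash_on_server = hash_on_server
        self.db = {}  # user -> (salt, stored record)

    def _store_form(self, received: bytes, salt: bytes) -> bytes:
        if self.hash_on_server:
            return hashlib.pbkdf2_hmac("sha256", received, salt, ITER)
        return received

    def register(self, user: str, received: bytes) -> None:
        salt = os.urandom(16)
        self.db[user] = (salt, self._store_form(received, salt))

    def login(self, user: str, received: bytes) -> bool:
        salt, stored = self.db[user]
        return hmac.compare_digest(stored, self._store_form(received, salt))


def replay_results() -> dict:
    sent = client_prehash("correct horse", "example.test")  # constructed input
    weak, strong = Server(False), Server(True)
    weak.register("alice", sent)
    strong.register("alice", sent)
    return {
        # The transmitted value authenticates on its own, so it needs the
        # same transport protection (TLS) a raw password would.
        "captured_value_replays": strong.login("alice", sent),
        # Stored unhashed, a record read from a breached DB logs in directly.
        "leaked_record_logs_in_weak": weak.login("alice", weak.db["alice"][1]),
        # Hashed again on the server, the stored record is not a credential.
        "leaked_record_logs_in_strong": strong.login("alice", strong.db["alice"][1]),
    }
```
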