|
|
|
|
|
|
by cyphar
3242 days ago
|
|
|
> I wasn't familiar with the one that involves brute-forcing it on every login attempt, and I've never heard of it being used in production on a real site (whereas a global shared secret seems to be reasonably common). In case you're interested, that is the same scheme as the one used by JoeyH's keysafe[1]. [1]: http://joeyh.name/code/keysafe/ |
|
|