Hacker News
by Terribledactyl 3062 days ago
It's fine if you can invalidate the secret after some finite number of tries and block a particular actor from attacking many accounts. And there's no leaking across sites if someone obtains and breaks the salted hash db.