Y
Hacker News
new
|
ask
|
show
|
jobs
by
hunter2_
2967 days ago
"Since if someone has it, they can just send it to the server for auth" unless it's only good for a few moments (the form you type it into constantly polling for a new nonce).
2 comments
deepbreath
2966 days ago
The server would not be able to verify a changing hash without knowing the password
link
jimktrains2
2967 days ago
Or you could just use PAKE or SRP.
link