by tylersmith
2967 days ago
As others have stated, you'd just be changing the secret from <password> to H(<password>). The better solution is using asymmetric cryptography to perform a challenge-response test. E.g. the user sets a public key on sign-up and to log in they must decrypt a nonce encrypted to them.
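The login flow described in the comment above, sketched in Go with both sides of the exchange; this is an added example, not code from the comment or its author. The names (Account, NewKey, Challenge, Verify, Respond), the choice of RSA-OAEP with SHA-256 and the 32-byte nonce are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Account (illustrative) is all the server keeps: the sign-up public key and any open nonce.
type Account struct {
	pub   *rsa.PublicKey
	nonce []byte
}

// NewKey runs on the client at sign-up; the private half never leaves the client.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Challenge (server) draws a fresh random nonce and encrypts it to the user's public key.
func (a *Account) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	a.nonce = nonce
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, a.pub, nonce, nil)
}

// Verify (server) consumes the nonce before comparing, so a response is accepted only once.
func (a *Account) Verify(resp []byte) bool {
	nonce := a.nonce
	a.nonce = nil
	return nonce != nil && subtle.ConstantTimeCompare(nonce, resp) == 1
}

// Respond (client) proves possession of the private key by decrypting the challenge.
func Respond(priv *rsa.PrivateKey, challenge []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, challenge, nil)
}

func main() {
	priv, _ := NewKey()                    // errors ignored only in this demo driver
	acct := &Account{pub: &priv.PublicKey} // sign-up: server learns the public key only
	c, _ := acct.Challenge()
	r, _ := Respond(priv, c)
	fmt.Println(acct.Verify(r), acct.Verify(r)) // second call replays the same response
}
```

The server's stored record contains nothing that lets a reader of it log in, and the decrypted nonce must travel back over a protected channel (e.g. TLS), since whoever sees it in transit can submit it first.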