by iGoog
2967 days ago
If a hash is salted with a domain it won't be usable on other websites. You should additionally hash the hash on the server, and if you store the client hashes, you can update the salts on next sign-in. A better question is why clients should be sending unhashed passwords to servers in the first place.
https://medium.com/the-coming-golden-age/internet-www-securi...
Also, hashed passwords shouldn't be logged either.
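
A sketch of the scheme the comment above describes, added here as an example and not written by the commenter: the client stretches the password with a domain-derived salt, and the server hashes the received value again with its own random salt. Assumptions: Node.js `crypto` with scrypt on both sides, the username mixed into the client salt, server-salt rotation as one reading of "update the salts", and the constructed domains `example.com` and `example.org`.

```javascript
const crypto = require('crypto');

// Client side (assumed design): derive the salt from the site's domain and the
// username, then stretch the password. The result differs per domain, so a
// value captured for one site does not work on another.
function clientHash(password, domain, username) {
  const salt = crypto.createHash('sha256')
    .update(`${domain}\0${username}`)
    .digest();
  return crypto.scryptSync(password, salt, 32);
}

// Server side: treat the client hash as the password and hash it again with a
// random per-user salt. Only { salt, verifier } is stored.
function serverEnroll(clientHashBuf) {
  const salt = crypto.randomBytes(16);
  const verifier = crypto.scryptSync(clientHashBuf, salt, 32);
  return { salt, verifier };
}

// Recompute with the stored salt and compare in constant time.
function serverVerify(record, clientHashBuf) {
  const candidate = crypto.scryptSync(clientHashBuf, record.salt, 32);
  return crypto.timingSafeEqual(candidate, record.verifier);
}

// Salt rotation at sign-in: after a successful verify the server holds the
// client hash in memory and can re-enroll it under a fresh salt.
function serverRotate(record, clientHashBuf) {
  if (!serverVerify(record, clientHashBuf)) return null;
  return serverEnroll(clientHashBuf);
}
```

The server accepts the client hash as the login secret for that one domain, which is why it has to stay out of logs just like a plaintext password.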