|
|
|
|
|
|
by zrm
2958 days ago
|
|
|
> It would also be useful in finding hash collisions which would give an attacker access to a user's account without needing the actual password If it's practical to find a hash collision, your hash algorithm is broken. > which is made easier with the ability to study the client-side code doing the hashing, and taking note of the algorithm and methods used. The security of a system should not depend at all on that information being secret. |
|
|