[yetanotherjosh]

Indeed. And: who is hashing passwords on the client? As this would require either not using a salted hash, or sharing the server's salt with the client, in order to obtain identical hash values for comparison. In either case that system's entire password inventory would be a lot more vulnerable.

TLDR don't do that, send passwords over SSL and use a good password hashing algorithm on the server like BCrypt.

[devy]

Yep. Proper password hashing requires per-credential salt, pepper (for all credentials) and a strong algorithm (IV, iterations etc.) Revealing all those information is a leak and arguably making client side hashing less secure (by giving away a lot of parameters for attackers to attack)

[eropple]

NIST may say that you should use "peppers" for passwords, but nobody else does.

None of bcrypt, scrypt, or Argon2 use them and are not materially worse for it.

[devy]

Yes, adding pepper is a recommendation not a mandatory step. But a lot of sites do, I.E. PagerDuty [1], paired with PBKDF2 as many apps requires to meet FIPS certification or enterprise support on many platforms.[2]

[1]: https://sudo.pagerduty.com/for_engineers/

[2]: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet

[totony]

Salts are not meant to be secret, nor are the hashing functions. You gain little by hiding them

[stevewodil]

if you're in the position to or are developing an app use argon2!