by lixtra
2646 days ago
Ideally the server doesn’t need to remember the salt it sent to the client, so it should be signed together with a timestamp to avoid reuse. While you’re at it you can also add some hash puzzle to be solved by the client, increasing difficulty with failed logins.
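The scheme described in the comment above, as an added example that is not part of the original comment: the server MACs the salt together with a timestamp and a puzzle difficulty, so it can validate a returned challenge without having stored it. The key handling, `MAX_AGE`, the difficulty bounds, the leading-zero-bits puzzle and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)   # assumption: per-deployment secret, never sent to clients
MAX_AGE = 60                  # assumption: seconds a challenge stays valid
BASE_BITS, MAX_BITS = 8, 20   # assumption: puzzle difficulty bounds (leading zero bits)

def _mac(user, salt, ts, bits):
    # Length-prefix every field so no two field tuples encode to the same bytes.
    fields = [user.encode(), salt, str(ts).encode(), str(bits).encode()]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_challenge(user, failed_logins, now=None):
    """Server: return a self-authenticating challenge; the salt is not stored."""
    ts = int(time.time() if now is None else now)
    bits = min(BASE_BITS + 2 * failed_logins, MAX_BITS)  # harder after each failure
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "ts": ts, "bits": bits,
            "mac": _mac(user, salt, ts, bits)}

def _leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def _puzzle_digest(salt, nonce):
    return hashlib.sha256(salt + nonce.to_bytes(8, "big")).digest()

def solve_puzzle(ch):
    """Client: brute-force the first nonce meeting the requested difficulty."""
    nonce = 0
    while _leading_zero_bits(_puzzle_digest(ch["salt"], nonce)) < ch["bits"]:
        nonce += 1
    return nonce

def verify_challenge(ch, nonce, now=None):
    """Server: check the MAC first, then freshness, then the puzzle solution."""
    now = time.time() if now is None else now
    expected = _mac(ch["user"], ch["salt"], ch["ts"], ch["bits"])
    if not hmac.compare_digest(expected, ch["mac"]):  # constant-time comparison
        return "bad-mac"
    if not 0 <= now - ch["ts"] <= MAX_AGE:
        return "expired"
    solved = _leading_zero_bits(_puzzle_digest(ch["salt"], nonce)) >= ch["bits"]
    return "ok" if solved else "bad-puzzle"
```

The signed timestamp bounds reuse of a challenge to `MAX_AGE` seconds rather than making it single-use, and the per-account failure count that drives the difficulty is still state the server has to keep.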