by amalcon 2587 days ago
That's not why (the salt does need to be secret secret), but it is true that the hashing should not be done client side. It's more because it doesn't actually accomplish a whole lot. The hash basically just becomes the password, so you'd need to hash it again on the server to get the same level of security.
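The point in the comment above, as an added example that is not part of the original comment: if the server stores the client-side hash unchanged, the value at rest in the database is itself a working credential, while a second hash on the server makes the stored value useless as a login. The class names, the PBKDF2 parameters and the sample user and password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this illustration


def client_hash(password: str, salt: bytes) -> bytes:
    # What the browser would send in place of the password (assumed scheme).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class StoresClientHash:
    """Server keeps whatever the client submitted, with no further hashing."""

    def __init__(self):
        self.db = {}

    def register(self, user: str, submitted: bytes) -> None:
        self.db[user] = submitted

    def login(self, user: str, submitted: bytes) -> bool:
        return hmac.compare_digest(self.db[user], submitted)


class RehashesOnServer:
    """Server treats the submitted value as the password and hashes it again."""

    def __init__(self):
        self.db = {}

    def register(self, user: str, submitted: bytes) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", submitted, salt, ITERATIONS)
        self.db[user] = (salt, digest)

    def login(self, user: str, submitted: bytes) -> bool:
        salt, stored = self.db[user]
        digest = hashlib.pbkdf2_hmac("sha256", submitted, salt, ITERATIONS)
        return hmac.compare_digest(stored, digest)


def stored_value_logs_in(server) -> bool:
    """Check whether the value at rest in the database is accepted as a credential."""
    submitted = client_hash("correct horse", b"constructed-salt")  # constructed sample
    server.register("alice", submitted)
    record = server.db["alice"]
    at_rest = record if isinstance(record, bytes) else record[1]
    return server.login("alice", at_rest)
```
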