|
|
|
|
|
|
by k1t
1992 days ago
|
|
|
If all you are comparing is HASH(random_string + hashed_password) then it will still work. The server will give me random_string and I know hashed_password from the DB leak. Obviously this assumes the login process actually works as described in the earlier post. |
|
|