by
nitrogen
1711 days ago
There are formalized approaches to keeping the server from knowing the password at any time:
https://en.m.wikipedia.org/wiki/Password-authenticated_key_a...
SRP is one such system:
https://en.m.wikipedia.org/wiki/Secure_Remote_Password_proto...
1 comments
staticassertion
1711 days ago
The various ZKP approaches are considerably more complex to implement properly vs the trivial approach of a client side hash. There are obvious tradeoffs, of course, but I wouldn't fault someone for an additional hash step on the client.
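The SRP exchange referred to in the thread, as an added example that is not part of either comment: the server stores only a salt and a verifier, and both sides reach the same session key only when the client knows the password. The group parameters (`N = 2**255 - 19`, `g = 2`), the length-prefixed hashing and all function names are assumptions made for this demo and are not wire-compatible with RFC 5054.

```python
import hashlib
import secrets

# Constructed demo group: N is prime but is NOT a vetted SRP group.
# Real deployments use the safe-prime groups published in RFC 5054.
N = 2**255 - 19
g = 2

def H(*parts) -> int:
    """SHA-256 over length-prefixed parts (bytes or ints < 2**256)."""
    h = hashlib.sha256()
    for p in parts:
        b = p if isinstance(p, bytes) else p.to_bytes(32, "big")
        h.update(len(b).to_bytes(2, "big") + b)
    return int.from_bytes(h.digest(), "big")

k = H(N, g)  # SRP-6a multiplier

def private_key(salt: bytes, user: str, password: str) -> int:
    """x: derived on the client only, never sent or stored."""
    return H(salt, f"{user}:{password}".encode())

def register(user: str, password: str):
    """Enrollment runs on the client; the server receives (salt, v) only."""
    salt = secrets.token_bytes(16)
    v = pow(g, private_key(salt, user, password), N)
    return salt, v

def login(user: str, password: str, salt: bytes, v: int):
    """Simulate one exchange; returns (client_key, server_key)."""
    a = secrets.randbelow(N - 2) + 1           # client ephemeral secret
    A = pow(g, a, N)                           # client -> server
    b = secrets.randbelow(N - 2) + 1           # server ephemeral secret
    B = (k * v + pow(g, b, N)) % N             # server -> client, with salt
    u = H(A, B)
    if A % N == 0 or B % N == 0 or u == 0:     # standard abort conditions
        raise ValueError("invalid SRP public value")
    # Client side: needs the password to strip k*g^x out of B.
    x = private_key(salt, user, password)
    s_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    # Server side: uses only the stored verifier v.
    s_server = pow(A * pow(v, u, N) % N, b, N)
    # A real protocol run compares proofs derived from these keys,
    # not the keys themselves.
    return H(s_client), H(s_server)
```
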