Y
Hacker News
new
|
ask
|
show
|
jobs
by
mtmail
984 days ago
If the hashing takes too long (e.g. 5-10 seconds) the website also risks a denial of service attack.
1 comments
layer8
983 days ago
Yes, though if you do both client-side and server-side hashing (which might be a good idea [0]), then the server only receives the fixed-size client hash.
[0]
https://security.stackexchange.com/a/100517
link
[0] https://security.stackexchange.com/a/100517