by aidenn0 875 days ago
If your password is 123456, then client-side hashing will make this less obvious. If the site is compromised in a way that reveals passwords, then it will not trivially work on other sites that use your password. In addition, stronger total hashing can be used, since if your server can do M hashes per second and your client can do N hashes per second, the total number of hashes to allow a one-second login is (M/$NUMBER_OF_CONCURRENT_LOGINS)+N, which is strictly larger than (M/$NUMBER_OF_CONCURRENT_LOGINS).

SRP[1] is an even better improvement, where an eavesdropper cannot authenticate as you; there is a challenge-response to login.

1: https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco...
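The layered scheme the comment argues for, as an added example that is not part of the comment or of any site's code: the client runs a slow PBKDF2 over the password with a site-bound salt, the server hashes that digest again with a random per-user salt, and a helper applies the comment's (M/concurrent)+N work formula. PBKDF2-SHA256, the `client-salt:` + domain salt construction and the iteration counts are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed iteration counts, not production tuning. In the comment's terms,
# CLIENT_ITERS is the client's contribution N per login and SERVER_ITERS is the
# server's per-login share of its budget M.
CLIENT_ITERS = 20_000
SERVER_ITERS = 5_000


def client_hash(password: str, site_domain: str) -> bytes:
    """Slow hash computed in the browser before the password leaves the client.
    The salt binds the digest to the site, so a password reused on another
    domain yields an unrelated digest (assumed salt construction)."""
    salt = ("client-salt:" + site_domain.lower()).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, CLIENT_ITERS)


def server_store(client_digest: bytes) -> dict:
    """Server treats the client digest as the password and hashes it again
    with a random per-user salt; only this record is persisted, so a database
    leak exposes neither the plaintext nor the client digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", client_digest, salt, SERVER_ITERS)
    return {"salt": salt, "digest": digest, "iters": SERVER_ITERS}


def server_verify(record: dict, client_digest: bytes) -> bool:
    """Recompute the server-side digest and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", client_digest, record["salt"], record["iters"]
    )
    return hmac.compare_digest(candidate, record["digest"])


def login_work(m_server_per_s: float, concurrent_logins: int, n_client_per_s: float) -> tuple:
    """Hash iterations affordable for a one-second login: server-only versus
    server plus client, per the comment's (M/concurrent)+N formula."""
    server_only = m_server_per_s / concurrent_logins
    return server_only, server_only + n_client_per_s


if __name__ == "__main__":
    record = server_store(client_hash("123456", "example.com"))
    print("same site, same password:", server_verify(record, client_hash("123456", "example.com")))
    print("same password, other site:", server_verify(record, client_hash("123456", "example.org")))
    print("work budget (server-only, with client):", login_work(1_000_000, 100, 50_000))
```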