by Sammi 627 days ago
Does this permit taking a SHA-512 digest hash of the user input and returning that digest hash to the backend for proper password hashing?

My interpretation is that the entire password is being verified, even though the backend is only ever verifying a SHA-512 digest hash of it.

(Oh, and why would you do this? To be able to support arbitrary-length passwords without opening yourself up to DDoS attacks. Support passwords as long as the user wants - only the digest hash is sent.)
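
The scheme described in the comment above, as an added example that is not part of the original post: the client reduces a password of any length to a SHA-512 digest, and the backend accepts only a value of exactly that size before running its slow password hash. The function names are hypothetical, and scrypt is an assumed stand-in for the "proper password hashing" step.

```python
import hashlib
import hmac
import os
import re

# SHA-512 as lowercase hex is always exactly 128 characters.
DIGEST_RE = re.compile(r"[0-9a-f]{128}")

def client_prehash(password: str) -> str:
    """Client side: reduce a password of any length to a fixed-size digest."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()

def _slow_hash(digest_hex: str, salt: bytes) -> bytes:
    # Assumed backend KDF: scrypt. Its input is always 128 bytes,
    # so the work per request does not depend on the password length.
    return hashlib.scrypt(digest_hex.encode("ascii"), salt=salt,
                          n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def server_register(digest_hex: str) -> dict:
    """Backend: accept exactly one SHA-512 digest, then salt and hash it."""
    if not DIGEST_RE.fullmatch(digest_hex):
        raise ValueError("expected a 128-character hex SHA-512 digest")
    salt = os.urandom(16)
    return {"salt": salt, "hash": _slow_hash(digest_hex, salt)}

def server_verify(digest_hex: str, record: dict) -> bool:
    """Backend: malformed or oversized input is refused before any slow hashing."""
    if not DIGEST_RE.fullmatch(digest_hex):
        return False
    candidate = _slow_hash(digest_hex, record["salt"])
    return hmac.compare_digest(candidate, record["hash"])

if __name__ == "__main__":
    # Constructed sample input: a passphrase of well over a million characters.
    long_password = "correct horse battery staple " * 50_000
    digest = client_prehash(long_password)
    record = server_register(digest)
    print(len(long_password), len(digest), server_verify(digest, record))
```

The backend has to enforce the fixed digest size itself, because a client that skips the prehash can otherwise still submit oversized input.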