by haomiao 4486 days ago
Ok, is the idea that the user should log in once on the client device, and the client should not store the password, encrypted or otherwise?

Then all subsequent messages to the server use HMAC for verification?

When does the user need to enter login information again?