by nullc 3990 days ago
Being able to have the client (which knows the password it offered) do this computation isn't something super special though-- it's something that could be done fine with pbkdf2-- for example.

If fancy client support is really an option it would usually be better to use a zero-knowledge authentication protocol (like SRP), though one of these KDFs could be used as a preprocessing step.
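An added example, not part of the comment above: client-side stretching with PBKDF2, where the server keeps only a fast hash of the stretched value. The function names, the iteration count, and the server-side SHA-256 step are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor, not taken from the comment


def client_stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Runs on the client: the expensive PBKDF2 work is paid here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def server_enroll(stretched: bytes) -> bytes:
    """Runs on the server: store a fast hash, never the stretched value itself."""
    return hashlib.sha256(stretched).digest()


def server_verify(stored: bytes, offered: bytes) -> bool:
    """Runs on the server: one SHA-256 plus a constant-time comparison."""
    return hmac.compare_digest(stored, hashlib.sha256(offered).digest())


def demo() -> tuple:
    # Constructed sample data: a random per-user salt the server would hand
    # to the client before login, and two sample passwords.
    salt = os.urandom(16)
    stored = server_enroll(client_stretch("correct horse", salt))
    good = server_verify(stored, client_stretch("correct horse", salt))
    bad = server_verify(stored, client_stretch("wrong guess", salt))
    return good, bad


if __name__ == "__main__":
    print(demo())
```

In this arrangement the stretched value is what authenticates the user, so it has to travel over a protected channel; a protocol such as SRP avoids sending any password-equivalent value at all.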