Hacker News

Encrypting a password on the client side means that all a cracker needs to log in is the hashed password, which is exactly what they would get from a database dump, thereby bypassing the entire point of hashing the password in the first place. (Yes, I'm aware you could use a different salt on the server than the client, but that would require that the client-side encryption be reversible, which is perhaps even more problematic.)
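The pass-the-hash failure described in the comment above, as an added example that is not part of the original thread: a server that stores the client-computed hash verbatim accepts the dumped value directly as a credential, while a server that treats the received value as the effective password and hashes it again with its own random salt does not. Names (`client_hash`, `NaiveServer`, `RehashingServer`, `attacker_replays_dump`) and the username-as-client-salt scheme are assumptions made for illustration; the second design needs no reversible client-side step, only a second one-way hash on the server.

```python
import hashlib
import hmac
import os


# Client side: the browser hashes the password with a public per-user salt
# (here the username) before sending it. Anything the client can compute,
# an attacker holding the same inputs can compute, and anything the client
# sends, an attacker holding a database dump can replay.
def client_hash(username: str, password: str) -> str:
    return hashlib.sha256(f"{username}:{password}".encode()).hexdigest()


# --- Vulnerable design: server stores the client hash verbatim --------------
class NaiveServer:
    def __init__(self):
        self.db = {}  # username -> client hash; exactly what a dump exposes

    def register(self, username: str, password: str) -> None:
        self.db[username] = client_hash(username, password)

    def login(self, username: str, received_hash: str) -> bool:
        stored = self.db.get(username)
        return stored is not None and hmac.compare_digest(stored, received_hash)


# --- Hardened design: server treats the received hash as the password -------
class RehashingServer:
    def __init__(self, iterations: int = 100_000):
        self.iterations = iterations
        self.db = {}  # username -> (server_salt, pbkdf2(client_hash))

    def _derive(self, received_hash: str, salt: bytes) -> bytes:
        # A second, server-only one-way hash; the client step stays irreversible.
        return hashlib.pbkdf2_hmac(
            "sha256", received_hash.encode(), salt, self.iterations
        )

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # per-user secret-independent salt, stored with the hash
        self.db[username] = (salt, self._derive(client_hash(username, password), salt))

    def login(self, username: str, received_hash: str) -> bool:
        entry = self.db.get(username)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, self._derive(received_hash, salt))


def attacker_replays_dump(server, username: str) -> bool:
    """Simulate a cracker who holds the database dump and submits the stored
    value for `username` directly as the login credential (hypothetical helper)."""
    entry = server.db[username]
    # NaiveServer stores a hex string; RehashingServer stores (salt, bytes).
    stored_value = entry if isinstance(entry, str) else entry[1].hex()
    return server.login(username, stored_value)


if __name__ == "__main__":
    naive = NaiveServer()
    naive.register("alice", "hunter2")  # constructed sample credentials
    print("naive: legit login  ->", naive.login("alice", client_hash("alice", "hunter2")))
    print("naive: dump replay  ->", attacker_replays_dump(naive, "alice"))

    hardened = RehashingServer()
    hardened.register("alice", "hunter2")
    print("rehash: legit login ->", hardened.login("alice", client_hash("alice", "hunter2")))
    print("rehash: dump replay ->", attacker_replays_dump(hardened, "alice"))
```

In the naive design the dumped row is the credential, so the dump is as good as a password list; in the rehashing design the dump yields only PBKDF2 outputs, which the attacker still has to crack offline, exactly as with a conventional server-side-only scheme.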


