Timeline for Is there a secure way to check previous passwords purely on the client-side?
Current License: CC BY-SA 4.0
3 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Feb 5, 2019 at 22:37 | comment | added | Ed Grimm | It's answering the same question, it's just assuming that the person reading it realizes what is being intended. Specifically, gnasher729 is suggesting storing the passwords in a hash locally in addition to in the password database... But while that would technically work, it would probably violate other requirements. It at least violates the spirit of having the existing database be authoritative for passwords and provides another place where the hashed passwords can be acquired for brute-force cracking. And it's likely to be implemented much less securely than the intended repository. | |
| Feb 5, 2019 at 20:05 | comment | added | 8bittree | This seems to be answering a different question. Or else has a severe misunderstanding of how hash functions and salts work. | |
| Feb 5, 2019 at 7:50 | history | answered | gnasher729 | CC BY-SA 4.0 |