Linked Questions
20 questions linked to/from Why is client-side hashing of a password so uncommon?
4 votes
3 answers
2k views
To lighten server load, is hashing a client-side Argon2-hashed password with SHA-256 on the server-side at least as safe as server-side only Argon2?
I am trying to achieve better security in my authentication system implementation with both server-side hashing and client-side hashing. (See the first reference below for more prerequisite knowledge.)...
0 votes
4 answers
776 views
Does TLS hash passwords before encrypting?
Suppose I am logging into Gmail by giving my credentials. Does my plaintext get encrypted or is it first converted to the hash and the hash encrypted? And also if I am communicating to the bank web ...
0 votes
4 answers
256 views
Are users meant to hash their passwords? [duplicate]
When a user logs into their account on my server, should they send their raw data to me, and then I bcrypt compare them, or are they supposed to hash and I directly compare? I ask this because ...
1 vote
1 answer
165 views
Why is the password field blanked in the registration form if the validation fail? [duplicate]
Is it really a problem if you send back the password when the validation fails on a registration form? I understand that the HTML that is sent back could be cached on the computer of the person ...
0 votes
0 answers
34 views
Client-side encryption of a password? [duplicate]
I'm trying to wrap my head around the authentication/authorization process within a web-app that encrypts data on the client-side and I'm getting very confused about it. Hopefully, you could clarify it to me....