You are viewing a single comment's thread from:
RE: Horizons Week 4 - Web App Authentication and Further Crypto Adventures
just a small addition, since I am here:
- user don't need to send their passwords in clear. you send them the salt then they send you the hash.
- use a hard for GPU hash function, like those use for mining: scrypt, bcrypt. Sha is too fast. At least use PBKDF2
- use a library that test the password strength like zxcvbn (there are different implementations)