You are viewing a single comment's thread from:

RE: Horizons Week 4 - Web App Authentication and Further Crypto Adventures

in #life4 years ago

just a small addition, since I am here:

  • user don't need to send their passwords in clear. you send them the salt then they send you the hash.
  • use a hard for GPU hash function, like those use for mining: scrypt, bcrypt. Sha is too fast. At least use PBKDF2
  • use a library that test the password strength like zxcvbn (there are different implementations)



Very true, thanks for pointing out my error!