Matt Baker
Guest
Go read the Adobe disaster write-up on failure to properly store hashed passwords. nakedsecurity.sophos.com/.../ They tried this. Someone broke into their servers and stole account data on 150 million accounts. There was a 4GB compressed bundle of their entire account data dumped out to the public internet. Go read the Stack Overflow discussion on this for additional thoughts. security.stackexchange.com/.../https-security-should-password-be-hashed-server-side-or-client-side You need to understand WHY they want to hash the passwords on the client side and how to do it properly.