Matt Baker
Guest
Hashing on the client and comparing the hash against what is on the server is a BAD idea. A hashed password going across the wire is identical to a cleartext password going over the wire. You MUST use a nonce to do this properly. Which means you have to store cleartext on the server...which is an even worse idea. Don't do this.
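The two schemes the post contrasts, as an added example that is not part of the original post: a server that compares a client-side hash accepts a replayed hash, while a nonce-based challenge-response rejects the replay but has to keep the secret in usable form. The class and function names, the choice of SHA-256/HMAC, and the sample password are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def client_hash(password: str) -> str:
    """Value the client sends in the 'hash on the client' scheme."""
    return hashlib.sha256(password.encode()).hexdigest()

class NaiveServer:
    """Hypothetical server: stores the client-side hash, compares what arrives."""
    def __init__(self, password: str):
        self.stored = client_hash(password)

    def login(self, received: str) -> bool:
        return hmac.compare_digest(self.stored, received)

class NonceServer:
    """Hypothetical challenge-response server: fresh single-use nonce per attempt."""
    def __init__(self, password: str):
        # To compute HMAC(secret, nonce) the server needs the secret itself,
        # which is the storage problem the post points out.
        self.secret = password.encode()
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:
            return False                      # unknown or already used nonce
        self.pending.discard(nonce)           # single use
        expected = hmac.new(self.secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def respond(password: str, nonce: bytes) -> bytes:
    """Client side of the challenge-response."""
    return hmac.new(password.encode(), nonce, hashlib.sha256).digest()

def demo():
    password = "correct horse battery staple"      # constructed sample value
    naive = NaiveServer(password)
    on_the_wire = client_hash(password)            # what an observer would record
    naive_replay = naive.login(on_the_wire)        # hash works as the password

    server = NonceServer(password)
    n1 = server.challenge()
    r1 = respond(password, n1)
    first_login = server.login(n1, r1)             # legitimate attempt
    replay_same_nonce = server.login(n1, r1)       # nonce already consumed
    replay_new_nonce = server.login(server.challenge(), r1)  # stale response
    return naive_replay, first_login, replay_same_nonce, replay_new_nonce
```

`demo()` returns the outcome of each attempt in order: the replayed hash against the naive server, the legitimate challenge-response login, and the two replay attempts against the nonce server.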