Outer Web | Explore

Explore >> Select a destination

You are here		qsantos.fr Client-Side Password Hashing \| Quentin Santos
\|	\|	myers.io Why You Shouldnt Hash on the Client - myers.io	8.2 parsecs away Travel
\|	\|	Every so often I see posts on Stack Exchange, or Hacker News where someone has figured out that their passwords are being sent to the server and the server can see them! The logic that we see is that if the password is hashed client side, then only the hash needs to be sent to the server, so the server never knows the password. Unfortunately, I sometimes even see this go one step further when people suggest that with this arrangement, HTTPS isnt required. Wrong.	8.2 parsecs away Travel
\|	\|	kevquirk.com How Websites Check Your Password \| Kev Quirk	8.9 parsecs away Travel
\|	\|	Ever wondered how websites check your password? I mean, how can they check your password without being able to read it? It's a catch 22, surely?	8.9 parsecs away Travel
\|	\|	blog.josefsson.org On Password Hashing and RFC 6070 - Simon Josefsson's blog	7.4 parsecs away Travel
\|	\|		7.4 parsecs away Travel
\|	\|	8yd.no Scramble ramble: Passwords, salt and hash \| H.W. Sanden	15.4 parsecs away Travel
\|		Passwords should be set, not sent - and other things I thought about when someone talked about password-emailing as a natural part of the user registration. I'm no security expert, but that's a big n...	15.4 parsecs away Travel