Explore >> Select a destination
|
You are here 
|
blog.andlabs.org | ||
| | | | |
dusted.codes
|
|
| | | | | SHA-256 is not a secure password hashing algorithm | |
| | | | |
myers.io
|
|
| | | | | Every so often I see posts on Stack Exchange, or Hacker News where someone has figured out that their passwords are being sent to the server and the server can see them! The logic that we see is that if the password is hashed client side, then only the hash needs to be sent to the server, so the server never knows the password. Unfortunately, I sometimes even see this go one step further when people suggest that with this arrangement, HTTPS isnt required. Wrong. | |
| | | | |
educatedguesswork.org
|
|
| | | | | [AI summary] This article discusses password security challenges on websites, focusing on vulnerabilities like remote attacks, password reuse, phishing, and the importance of secure password storage and authentication methods. | |
| | | | |
www.kusari.dev
|
|
| | | Kusari CEO Tim Miller is a guest on popular podcast, daBOM - speaking with DJ Schleen about solving supply chain security challenges using SBOMs | ||
