this post was submitted on 09 Sep 2024
595 points (99.5% liked)
Programmer Humor
19529 readers
503 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
But if someone got that hashed version they could hack the client to have client side hashing code just send that hashed value to the server. You'd want to have the server to send a rotating token of some sort to use for encrypting the password on the client and then validate it on the server side that it was encrypted with the same token the server sent.
Seems complicated to me... https is probably has good enough encryption, so eh, whatever.
Yeah, if they are able to intercept traffic or access the logs, they probably already have other access to the account without needing the password. If you don't reuse passwords, then your other accounts will be safe from that.