undefined | Better HN

0 pointsk1t5y ago0 comments

If all you are comparing is HASH(random_string + hashed_password) then it will still work.

The server will give me random_string and I know hashed_password from the DB leak.

Obviously this assumes the login process actually works as described in the earlier post.

0 comments

That protects hashes from leaking in transit, for the scenario with 3rd party TLS terminators mentioned above.

j / k navigate · click thread line to collapse

That protects hashes from leaking in transit, for the scenario with 3rd party TLS terminators mentioned above.

j / k navigate · click thread line to collapse