undefined | Better HN

0 pointsSiira5y ago0 comments

Can’t the hash be computed through some browser API? The browser can then visually show when plaintext passwords are being sent.

0 comments

y74y ago

If you're willing to rely on client-side code for authentication, there are better mechanisms, such as https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco...

There is a standard for it, called TLS-SRP, but unfortunately no browser supports it.

j / k navigate · click thread line to collapse

0 pointsSiira5y ago0 comments

Can’t the hash be computed through some browser API? The browser can then visually show when plaintext passwords are being sent.

y74y ago

If you're willing to rely on client-side code for authentication, there are better mechanisms, such as https://en.wikipedia.org/wiki/Secure_Remote_Password_protoco...

There is a standard for it, called TLS-SRP, but unfortunately no browser supports it.

j / k navigate · click thread line to collapse