Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
joesb
11y ago
0 comments
Save
Share
The attacker would then intercept that scrypt hash sent from the client and use it to authenticate.
0 comments
1 comments · 1 top-level
top
newest
oldest
timeal
11y ago
You can't. The scrypt hash should be protected by HTTPS the same way a website password is protected by HTTPS.
j
/
k
navigate · click thread line to collapse
