You don't have to trust the client-side hashing function, as ordinarily you're not expecting it to be implemented on top of ordinary security. It's simply a bonus level of security a site can provide
From the user's perspective, the same benefits would be obtained equally well by simply not re-using passwords. From the web designer's perspective, there's no benefit to hashing on the client vs. on the server.
even in the case of SSL transport, in case the receiver is compromised
The hash is still the password, so if the receiver is compromised, you get the password.
If the protocol enforces hashing on the client-side before sending, you don't have to worry about trusting the client-side or javascript being disabled.
Maybe you have confused hashing with encryption.
bob knight bob knight lavar arrington hope solo dancing with the stars hope solo dancing with the stars jack wagner matt jones
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.