Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The salt could be created from the username (possibly with a standardize form step for case insensitively and maybe also including a site salt).

On mobile devices client side hashing could affect battery life. If done with javascript, then login won't work without javascript enabled. Also, a work factor that doesn't slow down the slowest devices that a user might use could provide much less protection than desired, although the server could also do some work.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: