I'm going to code a login and the webpage is SSL secured, but should I hash the password before it gets posted?

  • 4
    YES! Always
  • 0
    Yes, what lastdigits says, and because you still have to start coding, do it properly in one time.

    Secure it by making it irreversible. Hash the password with a salt, unique, 1 for every user. Do it client side and do it in one time. Hash, post, don't store...
  • 0
    @BadCompany With "don't store" you mean I shouldn't store the salt?
  • 0
    @LastDigitOfPi But how? Is there a JavaScript library you can hash with?
  • 1
    @nobes I'll explain a little bit better, but I suggest you do some googling, it's very important.

    in short

    server sends a random value to user.
    user encrypts/hash the random value with the hash of their password.
    user posts the result as a password.
    server receives, does the same, and compares 😎

    while the client is 'encrypting' the data, don't store it, also not in hashed form
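
The exchange described in the comment above, written out as an added example that is not part of the original thread. It uses scrypt in place of a plain hash and HMAC-SHA256 to combine key and random value; the `LoginServer` class, its in-memory store and the registration step are assumptions made for the illustration.

```javascript
// Added example (Node.js): client and server sides of the exchange in one file.
const { randomBytes, scryptSync, createHmac, timingSafeEqual } = require('node:crypto');

// Client side: derive a key from the password and the user's unique salt.
// scrypt is this example's choice; the thread only says "hash with a salt".
function deriveKey(password, saltHex) {
  return scryptSync(password, Buffer.from(saltHex, 'hex'), 32);
}

// Client side: answer the server's random value with HMAC(key, challenge).
function clientResponse(password, saltHex, challengeHex) {
  return createHmac('sha256', deriveKey(password, saltHex))
    .update(Buffer.from(challengeHex, 'hex')).digest('hex');
}

// Server side (hypothetical in-memory store; all names are assumptions).
class LoginServer {
  constructor() { this.users = new Map(); this.pending = new Map(); }

  // Registration (assumed flow): the server issues the salt and stores the
  // derived key. That key can answer challenges, so guard it like a password.
  newSalt() { return randomBytes(16).toString('hex'); }
  register(user, saltHex, keyHex) {
    this.users.set(user, { saltHex, key: Buffer.from(keyHex, 'hex') });
  }

  // Step 1: send a fresh random value (plus the user's salt) to the client.
  challenge(user) {
    const rec = this.users.get(user);
    if (!rec) return null;
    const challengeHex = randomBytes(32).toString('hex');
    this.pending.set(user, challengeHex);
    return { saltHex: rec.saltHex, challengeHex };
  }

  // Step 2: recompute the HMAC, compare in constant time, burn the challenge.
  verify(user, responseHex) {
    const rec = this.users.get(user);
    const challengeHex = this.pending.get(user);
    this.pending.delete(user); // single use: a replayed response fails
    if (!rec || !challengeHex) return false;
    const expected = createHmac('sha256', rec.key)
      .update(Buffer.from(challengeHex, 'hex')).digest();
    const got = Buffer.from(responseHex, 'hex');
    return got.length === expected.length && timingSafeEqual(got, expected);
  }
}
```

A captured response is useless against the next challenge, but the server still holds a value that is enough to log in, so the page's TLS and the protection of the user store remain necessary.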
  • 0
    @BadCompany OK, now I understand. And on registration? Do I just hash the password?