Just take the string as bytes and hash it ffs

  • @CommanderCloon@lemmy.ml
    link
    fedilink
    English
    53 months ago

    If you hash in the browser it means you don’t salt your hash. You should absolutely salt your hash, not doing so makes your hashes very little better than plaintext.

    • Shadow
      link
      fedilink
      English
      5
      edit-2
      3 months ago

      There’s nothing stopping a browser from salting a hash. Salts don’t need to be kept secret, but it should be a new random salt per user.

    • Saik0
      link
      fedilink
      English
      13 months ago

      If you hash in the browser it means you don’t salt your hash. You should absolutely salt your hash, not doing so makes your hashes very little better than plaintext.

      That’s not true. If they send hashed password you could salt/hash again on server if you’re trying to keep the salt “secret”. Their hash should always be the same if they’ve submitted the same password. You’d just be hashing a hash in that case… but it’s the same premise.