Skip to content
This repository was archived by the owner on Nov 27, 2019. It is now read-only.
This repository was archived by the owner on Nov 27, 2019. It is now read-only.

Re-encrypt password on server-side #3

Open
Open
Re-encrypt password on server-side#3
Labels
security
@Alanaktion

Description

@Alanaktion
Alanaktion
opened on Dec 29, 2015

The salted sha512 on the client-side is nice, but in the case of a database breach, it would do very little against a dictionary attack. We should use bcrypt or similar (probably PHP's password_hash()) on the server-side after the client-side hashing to avoid having easily broken hashes persist in the database.

Metadata

Metadata

Assignees

No one assigned

    Labels

    security

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions