Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.) from Mike West on 2014-10-16 (public-whatwg-archive@w3.org from October 2014)

From: Mike West <mkwst@google.com>
Date: Thu, 16 Oct 2014 11:46:20 +0200
To: John Mellor <johnme@google.com>
Cc: whatwg <whatwg@lists.whatwg.org>, Sigbjørn Vik <sigbjorn@opera.com>, rescator@emsai.net
Message-ID: <CAKXHy=dPNBYc9Hpca-x-4pA_AEosu_qxkwEbio3HmmQaOo55Dw@mail.gmail.com>

On Thu, Oct 16, 2014 at 11:43 AM, John Mellor <johnme@google.com> wrote:

> On 16 October 2014 08:52, Mike West <mkwst@google.com> wrote:
>
>> * Server stores credentials as `sha512(password + username)`.
>>
>
> It might be better to require PBKDF2/bcrypt/scrypt.
>

Yeah, that certainly makes sense.

-mike

Received on Thursday, 16 October 2014 09:47:05 UTC