Re: Browser side form encryption

It is a shame that if you changed your domain you would have to force users
to reset their passwords. I did mean hash and not encrypt, that was my
mistake; the salt (which could optionally have a server generated salt on
top of that) was intended to prevent the server from being able to replay
your password to other servers. I'm glad this area of the internet is more
insightful and understanding toward security analysis than the rest of the
general public spaces such as stack exchange, where this inquiry and many
others are met with random hostility and ignorance.

Received on Sunday, 7 October 2018 17:43:51 UTC