W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2014

Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.)

From: John Mellor <johnme@google.com>
Date: Thu, 16 Oct 2014 10:43:57 +0100
Message-ID: <CAG_kaUZ9mN9y4xNU3GQQ8b6DfsaCvMZ-fsnC1s2CBmnteLtXdg@mail.gmail.com>
To: Mike West <mkwst@google.com>
Cc: whatwg <whatwg@lists.whatwg.org>, Sigbjørn Vik <sigbjorn@opera.com>, rescator@emsai.net
On 16 October 2014 08:52, Mike West <mkwst@google.com> wrote:

> * Server stores credentials as `sha512(password + username)`.
>

It might be better to require PBKDF2/bcrypt/scrypt.
Received on Thursday, 16 October 2014 09:44:37 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:24 UTC