Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.) from John Mellor on 2014-10-16 (public-whatwg-archive@w3.org from October 2014)

From: John Mellor <johnme@google.com>
Date: Thu, 16 Oct 2014 10:43:57 +0100
To: Mike West <mkwst@google.com>
Cc: whatwg <whatwg@lists.whatwg.org>, Sigbjørn Vik <sigbjorn@opera.com>, rescator@emsai.net
Message-ID: <CAG_kaUZ9mN9y4xNU3GQQ8b6DfsaCvMZ-fsnC1s2CBmnteLtXdg@mail.gmail.com>

On 16 October 2014 08:52, Mike West <mkwst@google.com> wrote:

> * Server stores credentials as `sha512(password + username)`.
>

It might be better to require PBKDF2/bcrypt/scrypt.

Received on Thursday, 16 October 2014 09:44:37 UTC