W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2014

Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.)

From: Mike West <mkwst@google.com>
Date: Thu, 16 Oct 2014 11:46:20 +0200
Message-ID: <CAKXHy=dPNBYc9Hpca-x-4pA_AEosu_qxkwEbio3HmmQaOo55Dw@mail.gmail.com>
To: John Mellor <johnme@google.com>
Cc: whatwg <whatwg@lists.whatwg.org>, Sigbjørn Vik <sigbjorn@opera.com>, rescator@emsai.net 
On Thu, Oct 16, 2014 at 11:43 AM, John Mellor <johnme@google.com> wrote:

> On 16 October 2014 08:52, Mike West <mkwst@google.com> wrote:
>
>> * Server stores credentials as `sha512(password + username)`.
>>
>
> It might be better to require PBKDF2/bcrypt/scrypt.
>

Yeah, that certainly makes sense.

-mike
Received on Thursday, 16 October 2014 09:47:05 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 17:00:24 UTC