Re: <input type=password> with hash function from Patrick H. Lauke on 2021-07-21 (www-html@w3.org from July 2021)

From: Patrick H. Lauke <redux@splintered.co.uk>
Date: Wed, 21 Jul 2021 23:07:56 +0100
To: www-html@w3.org
Message-ID: <0c167d61-e0ad-9893-6113-d6c3f438f362@splintered.co.uk>

On 21/07/2021 22:22, matthias.rieger@rehkitz.eu wrote:
> To prevent this case, html should offer <input type="password" hash="sha256" salt="..."> 

But doing that, the site just revelaed their salt to the world, so 
anybody who manages to get hold of the user database can crack it with 
far greater ease.

P
-- 
Patrick H. Lauke

https://www.splintered.co.uk/ | https://github.com/patrickhlauke
https://flickr.com/photos/redux/ | https://www.deviantart.com/redux
twitter: @patrick_h_lauke | skype: patrick_h_lauke

Received on Wednesday, 21 July 2021 22:08:11 UTC