FrankChen021 / SafeBox Issues

Don't pass the raw password on login/register, although it's protected by SSL #34

Closed FrankChen021 closed 6 years ago

FrankChen021 commented 6 years ago

Because we enforce the use of SSL, passing the raw password or other confidential data over the internet is safe enough. But if the server has been hijacked, there's a chance for them to get the raw password on the server side.

One solution is to hash the raw password on the client side and then pass it to the server. Even if the server is hijacked, the hacker may learn the hash of the password, but is unable to know the raw password.

FrankChen021 commented 6 years ago

Raw password, protection answer and access code are all hashed on the client side.
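An added example (not SafeBox's own code) of the scheme discussed in both comments: the client derives a password-equivalent with PBKDF2 so the raw password never leaves the device, and the server, which only ever sees that derived value, hashes it again with a random per-user salt so the value it stores is not itself a login credential. The `client_hash`, `server_register` and `server_verify` names, the username-derived client salt and the iteration counts are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Client side: turn the raw password into a fixed-length credential before
# it is sent. The username is mixed into the salt so the same user always
# derives the same value, which is what the server needs for verification.
# (Names, salt construction and iteration count are assumptions.)
def client_hash(username: str, raw_password: str, iterations: int = 100_000) -> bytes:
    salt = hashlib.sha256(b"safebox-client:" + username.encode()).digest()
    return hashlib.pbkdf2_hmac("sha256", raw_password.encode(), salt, iterations)


# Server side, at registration: the value received from the client is a
# credential in its own right, so it is hashed again with a random per-user
# salt. A hijacked server learns the client hash in transit, but the stored
# record alone does not let anyone log in.
def server_register(client_hashed: bytes, iterations: int = 100_000) -> dict:
    salt = os.urandom(16)
    stored = hashlib.pbkdf2_hmac("sha256", client_hashed, salt, iterations)
    return {"salt": salt, "hash": stored, "iterations": iterations}


# Server side, at login: recompute from the received client hash and compare
# in constant time so timing does not leak how many bytes matched.
def server_verify(record: dict, client_hashed: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac(
        "sha256", client_hashed, record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> bool:
    # Constructed sample credentials for a local run.
    user, password = "alice", "correct horse battery staple"
    record = server_register(client_hash(user, password))
    ok = server_verify(record, client_hash(user, password))
    wrong = server_verify(record, client_hash(user, "wrong password"))
    return ok and not wrong


if __name__ == "__main__":
    print("login round-trip ok:", demo())
```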