aidantwoods / go-paseto

Platform-Agnostic Security Tokens implementation in Golang.
https://pkg.go.dev/aidanwoods.dev/go-paseto
MIT License
284 stars 16 forks

bcrypted tokens? #35

Closed by gedw99 1 year ago

gedw99 commented 1 year ago

The server-side token could be produced this way?

So then there is nothing local on the server.

aidantwoods commented 1 year ago

What is the use case you have in mind for this?

The local mode might be workable using bcrypt output, but using just a password to derive key material would open up concerns around brute force that might not need to exist using a CSPRNG-generated key instead.
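The trade-off raised in the reply above, as an added example that is not part of the thread or of go-paseto: a password-derived key is a pure function of the password and salt, so its strength is capped by the password's guess space, while a CSPRNG key has the full 256 bits. Assumptions: PBKDF2-HMAC-SHA256 stands in for bcrypt (which is not in Go's standard library), and the function names, password and salt are hypothetical, constructed values.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math"
)

// randomKey returns a 32-byte symmetric key read from the OS CSPRNG.
func randomKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// passwordKey: PBKDF2-HMAC-SHA256, first 32-byte block (stand-in for bcrypt).
func passwordKey(password, salt []byte, iterations int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

// passwordSpaceBits is log2 of the password count: the derived key's ceiling.
func passwordSpaceBits(alphabetSize, length int) float64 {
	return float64(length) * math.Log2(float64(alphabetSize))
}

func main() {
	salt := []byte("constructed-salt") // constructed sample value
	a, b := passwordKey([]byte("hunter2x"), salt, 10000), passwordKey([]byte("hunter2x"), salt, 10000)
	r, err := randomKey()
	if err != nil {
		panic(err)
	}
	fmt.Println(bytes.Equal(a, b), len(r), passwordSpaceBits(26, 8)) // same key twice; 32; ~37.6 bits vs 256
}
```

Raising the iteration count makes each guess slower but does not enlarge the guess space, which is why the CSPRNG key removes the concern rather than just mitigating it.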