cs361-stock-prediction / stock-predictor

All Code for Stock Prediction Web App for CS361 Winter 2020

Clientside Hash is not Enough #27

Open lyellread opened 4 years ago

lyellread commented 4 years ago

Explanation

If all you do is hash {pw|salt} client-side, the connection is no safer than it used to be, as the hash can be replayed. We must hash differently, in a way that prevents replays.

Steps to Reproduce

um

Fix Recommendation

Some type of hashing that uses (maybe) time, or salt or pepper.
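The replay described in this issue, next to one way of preventing it with a server-issued single-use nonce, as an added example that is not code from this repository. The class and function names, SHA-256 as the hash, and the sample salt and password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-salt"          # constructed sample values, not from the project
PASSWORD = b"constructed-password"

def client_hash(pw, salt):
    # What the issue describes: the client sends H(pw|salt) instead of pw.
    return hashlib.sha256(pw + salt).digest()

class StaticHashServer:
    # Compares the submitted hash to the stored one, so the hash itself is the credential.
    def __init__(self, stored):
        self.stored = stored
    def login(self, sent):
        return hmac.compare_digest(sent, self.stored)

class ChallengeServer:
    # Issues a single-use random nonce; the client answers HMAC(H(pw|salt), nonce).
    def __init__(self, stored):
        self.stored = stored
        self.pending = set()
    def challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce
    def login(self, nonce, response):
        if nonce not in self.pending:      # unknown or already-consumed nonce
            return False
        self.pending.discard(nonce)        # each nonce is valid for one attempt only
        expected = hmac.new(self.stored, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

def client_response(pw, salt, nonce):
    return hmac.new(client_hash(pw, salt), nonce, hashlib.sha256).digest()

def demo():
    stored = client_hash(PASSWORD, SALT)
    captured = client_hash(PASSWORD, SALT)             # value seen on the wire
    replay_static = StaticHashServer(stored).login(captured)
    server = ChallengeServer(stored)
    nonce = server.challenge()
    resp = client_response(PASSWORD, SALT, nonce)
    first = server.login(nonce, resp)                   # legitimate login
    replay_same = server.login(nonce, resp)             # same nonce, already used
    replay_new = server.login(server.challenge(), resp) # old response, fresh nonce
    return replay_static, first, replay_same, replay_new
```

The value the server stores here is still password-equivalent if the database leaks, and neither scheme replaces TLS on the connection.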

lyellread commented 4 years ago

https://oauth.net/2/