fossar / selfoss

multipurpose rss reader, live stream, mashup, aggregation web application
https://selfoss.aditu.de
GNU General Public License v3.0

client: Hash passwords on server #1401

Closed jtojnar closed 1 year ago

jtojnar commented 1 year ago

It is more performant than relying on the web browser, therefore more hashing rounds can be used, leading to more secure hashes.

Additionally, the server will have access to a more audited crypto library than crypto.js, so hopefully it will be more secure on that front as well.

Lastly, crypto.js would significantly increase the size of the JavaScript bundle necessitating a separate bundle. Now we will be able to merge it.

The downside is that now the password is passed to the server in plain text. But the same happens every time the user logs in, so we do not lose much. Also, since the hashing is computationally intensive, it could potentially be used to perform a DoS attack.
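The trade-off described in this PR (a tunable work factor that the server can afford to set much higher than a browser, at the price of every login attempt costing that much CPU) is illustrated by the following added example. It is not selfoss code: it uses PBKDF2-HMAC-SHA256 from the Python standard library, the self-describing `pbkdf2_sha256$<rounds>$<salt>$<digest>` string format and the function names are assumptions made for this example, and the iteration count is whatever the host can afford rather than a value selfoss uses.

```python
"""Server-side password hashing with a tunable work factor (added example, not selfoss code)."""
import base64
import hashlib
import hmac
import os
import time
from typing import Optional

# Assumed storage format: "pbkdf2_sha256$<iterations>$<base64 salt>$<base64 digest>".
# Storing the parameters next to the digest lets the policy be raised later.
ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # server-side we can afford far more rounds than a browser
SALT_BYTES = 16


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Hash a plaintext password received from the client into a storable string."""
    if iterations < 1:
        raise ValueError("iterations must be positive")
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored parameters and compare in constant time."""
    try:
        algorithm, iterations_s, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations_s)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except (ValueError, TypeError):
        return False  # malformed record: reject rather than crash
    if algorithm != ALGORITHM or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the stored hash is weaker than current policy; rehash on the next successful login."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return True
    try:
        return int(parts[1]) < iterations
    except ValueError:
        return True


def calibrate_iterations(target_seconds: float = 0.25, start: int = 100_000,
                         limit: int = 1 << 26) -> int:
    """Find an iteration count that costs roughly target_seconds on this host.

    The same cost is paid per login attempt, which is the DoS angle the PR
    mentions, so the value chosen here should be paired with login rate limiting.
    """
    iterations = start
    salt = os.urandom(SALT_BYTES)
    while iterations < limit:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"calibration", salt, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            break
        iterations *= 2
    return iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify wrong:", verify_password("wrong", record))
    print("rounds for ~250 ms on this host:", calibrate_iterations())
```

`needs_rehash` is what makes raising the round count later cheap: a user whose record was written under an older, lower setting is transparently upgraded the next time they authenticate, since the server holds the plaintext at exactly that moment.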

netlify[bot] commented 1 year ago

Deploy Preview for selfoss canceled.

| Name | Link |
| --- | --- |
| Latest commit | f00f3f8551d7cc5d332fc06ec4321e0cef9057d9 |
| Latest deploy log | https://app.netlify.com/sites/selfoss/deploys/63bd3476dbc0b600091e4e75 |