I use sha512 on the client and on the server (again) sha512 with a user-specific salt to finally compare it with the hash stored in the database.
Besides "to be sure", this way the (plain) password is not being stored by the logger that saves all request and response data of the API.
The client code can be read, thus the hashed passwords in your logs are easy to decode.
Hi! How do you mean it will be easy to get access to my log server and use a sha512 rainbow table?