On Wednesday, January 4, 2017 at 1:40:40 PM UTC+7, Jonathan Yu wrote: > > > > While I agree that client-side hashing is overkill, I think the threat > model it's intended to protect against is a compromised *server*, since > this would prevent the server from ever seeing the plaintext password. > > In practice, I think most sites use TLS as you describe, and use bcrypt or > similar on the server, along with rate limiting. This protects against > everything except an advanced persistent threat (APT). > > -- >
I fail to see the purpose of client-side hashing. If the attacker gets the client's username and hashed password, what good does hashed password do if the attacker can also send the same username and hashed password to the server pretending to be the real client? If the server is already compromised in such that the attacker can listen to clients' authentication process, there is no more value in obtaining the user's actual password. If the attacker compromises the server to such an extent, it is irrelevant whether the server receives the user's actual or hashed password. If you are talking about client-side encryption, I would think that TLS already does that for you. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
