Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.)

Mike West Thu, 16 Oct 2014 02:47:01 -0700

On Thu, Oct 16, 2014 at 11:43 AM, John Mellor <joh...@google.com> wrote:


> On 16 October 2014 08:52, Mike West <mk...@google.com> wrote:
>
>> * Server stores credentials as `sha512(password + username)`.
>>
>
> It might be better to require PBKDF2/bcrypt/scrypt.
>

Yeah, that certainly makes sense.

-mike

Re: [whatwg] Hashing autofilled data (was Re: Proposal: Write-only submittable form-associated controls.)

Reply via email to