It's one of the oldest tricks in the books 🙃 • Aaron Parecki

47°F

🌌🌵🛸Bret🏜👨‍👩‍👧🚙 https://twitter.com/bcomnes • Dec 11
Has anyone tried a password auth system that standardizes on some front-end hashing strategy, so that the API never sees/touches the plain text version of the password?

It's one of the oldest tricks in the books 🙃

Portland, Oregon • 41°F

Thu, Dec 10, 2020 9:16pm -08:00

3 replies
Have you written a response to this? Let me know the URL:
- 🌌🌵🛸Bret🏜👨‍👩‍👧🚙 twitter.com/bcomnes
  
  ah yeah @Johannes_Ernst mentioned that. Looks like a funky variant of basic auth. > doesn't really solve things the way you'd expect. Know of any writing on perspective on that? Curious what the issues were SRP looks like a promising approach. medium.com/swlh/what-is-s…
  
  Fri, Dec 11, 2020 4:06pm +00:00 (via brid-gy.appspot.com)
- Aaron Parecki twitter.com/aaronpk
  
  It's part of the old-school HTTP Digest Auth en.wikipedia.org/wiki/Digest_ac… It just doesn't really solve things the way you'd expect.
  
  Fri, Dec 11, 2020 3:57pm +00:00 (via brid-gy.appspot.com)
- 🌌🌵🛸Bret🏜👨‍👩‍👧🚙 twitter.com/bcomnes
  
  I know bcrypt/hash+salt on server for storage has been best practice for ages. Or has client/browser side hashing before sending to a server been wide spread?
  
  Fri, Dec 11, 2020 3:43pm +00:00 (via brid-gy.appspot.com)

Posted in /replies using indigenous.abode.pub/ios