
How else do you allow someone to use a password to log in? I suppose you could run the hash locally if they have JavaScript -- but if they don't, then what? (Edit: Good point, all the hash achieves is that the user's entry isn't sent in clear text -- of course, the hash itself then becomes the password for the purposes of authorization.)


Running a hash locally is equally useless. You've effectively turned the hashed value into the password itself, achieving nothing.

There are secure key-exchange schemes that don't require sending over the raw password, but this isn't an example of one.
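The point made in the two comments above, as an added example that is not part of the original thread: a server that accepts a client-computed hash treats that hash as the credential, so the same wire value logs in again without the password. All class and function names are hypothetical, and the nonce variant is only a simplified contrast (it is not one of the key-exchange schemes the comment refers to, and its stored hash is still password-equivalent if the database leaks).

```python
import hashlib
import hmac
import secrets

def client_hash(password: str) -> str:
    """What the client sends in place of the raw password."""
    return hashlib.sha256(password.encode()).hexdigest()

def respond(hashed: str, nonce: str) -> str:
    """Client response to a server challenge: HMAC keyed by the password hash."""
    return hmac.new(hashed.encode(), nonce.encode(), hashlib.sha256).hexdigest()

class StaticHashServer:
    """Scheme from the thread: compare whatever hash arrives on the wire."""
    def __init__(self):
        self.stored = {}
    def register(self, user, password):
        self.stored[user] = client_hash(password)
    def login(self, user, wire_value):
        return hmac.compare_digest(self.stored.get(user, ""), wire_value)

class NonceServer:
    """Contrast: a fresh single-use nonce makes each wire value different."""
    def __init__(self):
        self.stored, self.pending = {}, {}
    def register(self, user, password):
        self.stored[user] = client_hash(password)
    def challenge(self, user):
        self.pending[user] = secrets.token_hex(16)
        return self.pending[user]
    def login(self, user, wire_value):
        nonce = self.pending.pop(user, None)  # each nonce is valid once
        if nonce is None or user not in self.stored:
            return False
        return hmac.compare_digest(respond(self.stored[user], nonce), wire_value)

def demo():
    password = "correct horse battery staple"  # constructed sample value
    static = StaticHashServer()
    static.register("alice", password)
    wire = client_hash(password)               # the only value ever transmitted
    replay_static = static.login("alice", wire)  # accepted with no password known

    nonce_srv = NonceServer()
    nonce_srv.register("alice", password)
    wire2 = respond(client_hash(password), nonce_srv.challenge("alice"))
    first = nonce_srv.login("alice", wire2)    # legitimate login succeeds
    nonce_srv.challenge("alice")               # new login attempt, new nonce
    replay_nonce = nonce_srv.login("alice", wire2)  # old wire value rejected
    return replay_static, first, replay_nonce
```
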



