Just take the string as bytes and hash it ffs

  • Saik0@lemmy.saik0.com
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    If you hash in the browser it means you don’t salt your hash. You should absolutely salt your hash, not doing so makes your hashes very little better than plaintext.

    That’s not true. If they send hashed password you could salt/hash again on server if you’re trying to keep the salt “secret”. Their hash should always be the same if they’ve submitted the same password. You’d just be hashing a hash in that case… but it’s the same premise.