<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hacker News: CyberLily</title><link>https://news.ycombinator.com/user?id=CyberLily</link><description>Hacker News RSS</description><docs>https://hnrss.org/</docs><generator>hnrss v2.1.1</generator><lastBuildDate>Mon, 15 Jun 2026 14:23:53 +0000</lastBuildDate><atom:link href="https://hnrss.org/user?id=CyberLily" rel="self" type="application/rss+xml"></atom:link><item><title><![CDATA[New comment by CyberLily in "Twin brothers wipe 96 government databases minutes after being fired"]]></title><description><![CDATA[
<p>Hashing passwords client-side is generally a bad idea, since it means that the hash effectively becomes the password. For example, if I have a database row that has the hash of the password and a bad guy gets access to the database, they will get the hash. The benefit of a hash is that it is a one-way operation: I can't figure out the plaintext from the hash, so my account is safe. If the password is hashed on the client and sent to the server, the attacker doesn't need to reverse the hash; they can just send the hash in the request. Instead, you should send the password to the server (using TLS encryption) and do the hash and compare on the server.</p>
]]></description><pubDate>Wed, 13 May 2026 20:21:27 +0000</pubDate><link>https://news.ycombinator.com/item?id=48126972</link><dc:creator>CyberLily</dc:creator><comments>https://news.ycombinator.com/item?id=48126972</comments><guid isPermaLink="false">https://news.ycombinator.com/item?id=48126972</guid></item></channel></rss>