Ah answered elsewhere, if the client sends the hash and you log the hash then you still have a problem. The user should change passwords. Although I think this still improves the situation if the password is reused.…
I think there is value in that. I would still be sure to hash it a second time on the server. My guess is that this isn't popular because of the added client side complexity. I'm also curious if anyone has considered or…
Ah answered elsewhere, if the client sends the hash and you log the hash then you still have a problem. The user should change passwords. Although I think this still improves the situation if the password is reused.…
I think there is value in that. I would still be sure to hash it a second time on the server. My guess is that this isn't popular because of the added client side complexity. I'm also curious if anyone has considered or…