Does it make sense to also hash password on frontend?

Time:01-27

I'm aware passwords should be hashed/salted on the backend and HTTPS should be used for transport. My concern is that, on account registration, there is a section of code where the plain-text password could be exposed by way of a poorly placed log statement.

I understand hashing passwords multiple times is not ideal, but to address this concern would it be acceptable (from a security governance perspective) to also hash the password on the frontend?

CodePudding user response:

No. Password hashing should use a salt and a suitable (slow) hashing algorithm, so implementing this correctly and double hashing all passwords in the future would require a lot more work than masking the password in the log.

If you use an unsalted hash with a fast hashing algorithm, many passwords can be quickly broken using modern hash-cracking equipment.

Also see "Does it make security sense to hash password on client end".
