Why use RSA at all? RSA is used when you want to get the data back in its original form.
There is absolutely no need for that here. Hash the user's password client-side > send the hash to the server > server stores the hash and compares hashes to confirm it's the correct password at login.
Once again, there is absolutely no reason the server (you) should know what the user's password is. You can hash it how you see fit, but just an md5 or sha512 is enough (as long as users are required to make somewhat unique passwords). The benefit of a hash versus encryption is that in the case of a data breach, your users' passwords are still secure. Whereas if the hacker was able to secure your RSA private key, it's all over.
You can of course use RSA on top of the hashing, if you'd like.
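
The store-and-compare flow described in the post above, as an added example that is not part of the original post. It assumes the server runs whatever value the client submits through a salted PBKDF2-HMAC-SHA256 (Python's `hashlib.pbkdf2_hmac`) before storing it, rather than keeping the bare md5 or sha512 digest the post names; the `users` dict, the function names and the iteration count are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example
users = {}            # hypothetical in-memory store: name -> (salt, derived key)


def client_hash(password: str) -> str:
    """The value the post's client would send: a SHA-512 hex digest."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def _derive(submitted: str, salt: bytes) -> bytes:
    # The submitted digest is itself a login credential, so the server
    # stretches it with a per-user salt instead of storing it verbatim.
    return hashlib.pbkdf2_hmac("sha256", submitted.encode("utf-8"),
                               salt, ITERATIONS, dklen=32)


def register(name: str, submitted: str) -> None:
    salt = os.urandom(16)  # unique per user: equal passwords store differently
    users[name] = (salt, _derive(submitted, salt))


def verify(name: str, submitted: str) -> bool:
    record = users.get(name)
    if record is None:
        # Do the same amount of work for unknown users so response time
        # does not reveal which account names exist.
        _derive(submitted, b"\x00" * 16)
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(stored, _derive(submitted, salt))


if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    register("alice", client_hash("correct horse"))
    print(verify("alice", client_hash("correct horse")))  # True
    print(verify("alice", client_hash("wrong guess")))    # False
```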