
Using a JS lib would not mitigate any risk here unless the compromising of the server that hosts the JS is separate from the compromising of your web server.


It mitigates passive MITM attacks, for one.

On the other hand, there's nothing that's made _worse_ by choosing to do it that way. Plenty of things that are the same, some things better, but nothing worse.


Hardly - if you are not using HTTPS in the first place then sending the hash across the wire instead of the password is the least of your worries.



