Another question about client or server side password hashing, I know. After rea

Question

Another question about client or server side password hashing, I know. After reading many other post about this topic I'm still a little confused and not completely sure what is the best, because I read many contrasting opinions.

Using a SSL certificate, that is what I'm gonna do, I came to conclusion that it's not worth hash the password in javascript.

But anyway rather than send the password in cleartext to the server would make sense 'disguise' the password in javascript, (for example replacing letters and numbers with other based on a customized pattern), and then re-build the original password in the server using the same pattern, then hash the password and store it in the db or this would not add much more security?

Explanation / Answer

You are misunderstanding the purpose of TLS (https). If you have a https connection to that server that means that all traffic is encrypted during transport from the client to the server. This includes any credentials.

As for "disguising" the passwords on the client side with some rudimentary charter rotation and replacement .

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.