Is storing a private key generated by the client that is encrypted by the users password safer than storing a hash of a password? (The encryption part is done client side and it will be sent to the server the users password won't be sent to the server)
Is saving a private key encrypted with the users password safer than storing a hash in a database?
122 Views Asked by TarithJ At
1
There are 1 best solutions below
Related Questions in CRYPTOGRAPHY
- Facebook Api - Albums/Photos/Comments
- How to get Facebook subscriber count + friend count
- Firebase facebook authentication not working
- Facebook iOS SDK 4 error info.plist
- Why don't any of my facebook share buttons work?
- Can't perform authentication through facebook with Parse
- PlayN and Firefox issues
- How do I stop the facebook send widget from going off the screen?
- Add extended permissions - Facebook
- Pass image, summary, URL to Facebook share button in ASP.NET MVC
Related Questions in PASSWORDS
- Facebook Api - Albums/Photos/Comments
- How to get Facebook subscriber count + friend count
- Firebase facebook authentication not working
- Facebook iOS SDK 4 error info.plist
- Why don't any of my facebook share buttons work?
- Can't perform authentication through facebook with Parse
- PlayN and Firefox issues
- How do I stop the facebook send widget from going off the screen?
- Add extended permissions - Facebook
- Pass image, summary, URL to Facebook share button in ASP.NET MVC
Related Questions in PASSWORD-HASH
- Facebook Api - Albums/Photos/Comments
- How to get Facebook subscriber count + friend count
- Firebase facebook authentication not working
- Facebook iOS SDK 4 error info.plist
- Why don't any of my facebook share buttons work?
- Can't perform authentication through facebook with Parse
- PlayN and Firefox issues
- How do I stop the facebook send widget from going off the screen?
- Add extended permissions - Facebook
- Pass image, summary, URL to Facebook share button in ASP.NET MVC
Related Questions in PASSWORD-STORAGE
- Facebook Api - Albums/Photos/Comments
- How to get Facebook subscriber count + friend count
- Firebase facebook authentication not working
- Facebook iOS SDK 4 error info.plist
- Why don't any of my facebook share buttons work?
- Can't perform authentication through facebook with Parse
- PlayN and Firefox issues
- How do I stop the facebook send widget from going off the screen?
- Add extended permissions - Facebook
- Pass image, summary, URL to Facebook share button in ASP.NET MVC
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
It depends what you're talking about.
If i'm the client:
58 3b ae a9 de 37 88 e6 ed a2 9f 45 db 8b 9f 56 ef e1 aa 25 ac 52 f6 3d 02 dd 1b 86 1f c5 39 443e 35 33 46 fe a2 04 09 58 ff 1a 29 41 97 cb 6d 44 32 5f 4a 74 01 90 1d f3 32 eb 2c 6e 49 e1 19What you've done is have the client create a strong password with extra steps. I can convert those bytes to a string:
This is now the user's "password". When they login to your site, you need to validate that password. That means that you must securely store that password in your system - and taking the SHA-256 hash of that password is not secure.
That's all if the client encrypts it
What if instead the user generates a "private key":
And they send that to the server, and you will encrypt it with the user's password: how did you know the user's password!?
You can't do that, because you can't know their password.