Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
nitrogen
on Oct 9, 2021
|
parent
|
context
|
favorite
| on:
Gmail password first character is case insensitive...
There are formalized approaches to keeping the server from knowing the password at any time:
https://en.m.wikipedia.org/wiki/Password-authenticated_key_a...
SRP is one such system:
https://en.m.wikipedia.org/wiki/Secure_Remote_Password_proto...
staticassertion
on Oct 9, 2021
[–]
The various ZKP approaches are considerably more complex to implement properly vs the trivial approach of a client side hash. There are obvious tradeoffs, of course, but I wouldn't fault someone for an additional hash step on the client.
Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
SRP is one such system: https://en.m.wikipedia.org/wiki/Secure_Remote_Password_proto...