0
Hashing + salting in frontend
I have the task to hash and salt an input with sha512 in the frontend. I'm not sure how to approach this since all implementations seem to be for the backend and I can't seem to find best practices for client side with sha512 + salting. Does anyone have the slightest clue?
1 Answer
0
You should really only be hashing with salt in backend. The reasoning behind it is for security.
You should be using HMAC to hash with the salt, but you can just append or prepend or do both.
Hash = Sha512(password + salt)
Then you can send off salt and password.
Usually you create a random salt in the backend and save it there, because you need to add the salt to the password every time to make sure it is correct.
If you are generating the salt in the frontend and saving it there, there is always a chance that it would be lost. Like when you register on PC and log in on mobile. Sending the salt from the server is just awkward.
If you are worried about transmitting a password from the front-end to the backend then you can just let your form hash it normally and then hash it again with salt in the backend. That will make brute forcing rather difficult if no one knows that's how it is stored.
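
The scheme this answer describes (the form hashes the password, the backend hashes it again with a random salt it generates and stores), as an added example that is not part of the original answer. It runs under Node.js, with the `crypto` module standing in for both browser and server; the function names and the in-memory `users` store are assumptions made for illustration.

```javascript
// Added example, not code from the original post.
const nodeCrypto = require('crypto');

// --- Frontend step: "let your form hash it normally" (unsalted SHA-512). ---
// In a browser the equivalent call is crypto.subtle.digest('SHA-512', bytes).
function clientPrehash(password) {
  return nodeCrypto.createHash('sha512').update(password, 'utf8').digest('hex');
}

// --- Backend: the salt is generated and stored here, one per user. ---
const users = new Map(); // hypothetical in-memory user store

// HMAC-SHA512 keyed with the salt, rather than plain concatenation.
function saltedHash(prehashHex, salt) {
  return nodeCrypto.createHmac('sha512', salt).update(prehashHex, 'utf8').digest();
}

function register(username, prehashHex) {
  const salt = nodeCrypto.randomBytes(16); // random per-user salt
  users.set(username, { salt, hash: saltedHash(prehashHex, salt) });
}

function login(username, prehashHex) {
  const record = users.get(username);
  if (!record) return false;
  // Recompute with the stored salt; the client never needs to know it.
  const candidate = saltedHash(prehashHex, record.salt);
  // Both buffers are 64 bytes, so a constant-time comparison is safe to call.
  return nodeCrypto.timingSafeEqual(candidate, record.hash);
}

// Constructed sample data: two users who picked the same password.
register('alice', clientPrehash('correct horse battery staple'));
register('bob', clientPrehash('correct horse battery staple'));
```

The value the browser sends is what the server authenticates, so it is password-equivalent on the wire and still needs TLS. SHA-512 and HMAC-SHA512 are fast, and password storage normally uses a deliberately slow KDF such as scrypt or PBKDF2 for the server-side step.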