I implemented @troyhunt's HIBP password list as a pure Python3 Bloom filter, in 629MB (false positive rate = 0.0005)https://gist.github.com/marcan/23e1ec416bf884dcd7f0e635ce5f2724 …
-
Nobody does that and that serves zero purpose. If you hash passwords client side the hash becomes the password. I do use HTTPS.
Also, client-side hashing makes it impossible to enforce password rules (the few that I have anyway: 6 chars min and printable ASCII only).
-
-
That doesn't seem like to much of a problem to do client side?
-
People could circumvent it client side - turn off JS, create 1 char password! It's pointless doing it client side anyway.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.