I want to salt a hashed username and password (submitted via HTTP POST) in JS on the client side with a higher-order time value (< 1 minute resolution) to avoid sending the username and password hash as a constant value that could be used for a log-in attempt via POST fabrication by an unauthorized user (i.e. a sniffer).
This will impose a short expiry on the usefulness of the passed hash.
If they inspect the JS and see that it uses this time salt, how much easier will it make the job of breaking the MD5 if they know what the salt is?
Stephen
The salt doesn’t need to be secret. In that sense, your solution is okay.
MD5 is broken in some applications; this one might be alright, but why not use a hash from the SHA-2 family? For that matter, why not use SSL to provide a confidential channel, and better security?
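The scheme from the question with the answer's SHA-2 suggestion applied, as an added example that is not part of the original posts. It runs under Node.js; all function names, the one-minute window constant and the sample credentials are assumptions made for illustration.

```javascript
// Added example: time-bucketed credential hash with SHA-256 instead of MD5.
// All names here are hypothetical; sample values are constructed.
const { createHash, timingSafeEqual } = require('crypto');

const WINDOW_MS = 60000; // one-minute resolution, as in the question

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest('hex');

// Constant per-user value. JSON encoding keeps ("a:b","c") and ("a","b:c") distinct.
function credentialHash(username, password) {
  return sha256(JSON.stringify([username, password]));
}

// The public "salt": which one-minute window a timestamp falls into.
function timeBucket(nowMs) {
  return Math.floor(nowMs / WINDOW_MS);
}

// Client side: the value POSTed in place of the constant hash.
function clientToken(username, password, nowMs) {
  return sha256(`${credentialHash(username, password)}:${timeBucket(nowMs)}`);
}

// Server side: recompute for the current and previous window (covers clock
// skew and requests that cross a window boundary), compare in constant time.
function verifyToken(storedHash, token, nowMs) {
  const got = Buffer.from(String(token), 'utf8');
  const current = timeBucket(nowMs);
  let ok = false;
  for (const bucket of [current, current - 1]) {
    const want = Buffer.from(sha256(`${storedHash}:${bucket}`), 'utf8');
    if (got.length === want.length && timingSafeEqual(got, want)) ok = true;
  }
  return ok;
}

// Constructed sample run: a captured token stops working two windows later.
const t0 = 1700000000000;
const stored = credentialHash('stephen', 'correct horse');
const sniffed = clientToken('stephen', 'correct horse', t0);
console.log(verifyToken(stored, sniffed, t0 + 30000));  // same window
console.log(verifyToken(stored, sniffed, t0 + 120000)); // stale replay
```

A captured token is still accepted until its window passes, and the stored hash is all anyone needs to mint new tokens, which is why the answer points to SSL for the channel itself.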