I want to salt a hashed username and password (submitted via http POST) in

Question

0

Asked: May 10, 20262026-05-10T21:58:11+00:00 2026-05-10T21:58:11+00:00

I want to salt a hashed username and password (submitted via http POST) in

0

I want to salt a hashed username and password (submitted via http POST) in JS on the client-side with a higher-order time value (< 1 minute resolution) to avoid sending the username and password hash as a constant value that could be used for a log-in attempt via POST fabrication by an unauthorized user (i.e. a sniffer).

This will impose a short expiry on the usefulness of the passed hash.

If they inspect the JS and see that it uses this time salt, how much easier will it make the job of breaking the MD5 if they know what the salt is?

Stephen

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

score 0 · Answer 1 · 2026-05-10T21:58:11+00:00

2026-05-10T21:58:11+00:00Added an answer on May 10, 2026 at 9:58 pm

The salt doesn’t need to be secret. In that sense, your solution is okay.

MD5 is broken in some applications; this one might be alright, but why not use a hash from the SHA-2 family? For that matter, why not use SSL to provide a confidential channel, and better security?

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I want to salt a hashed username and password (submitted via http POST) in

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply