I was reading this Ars article on password security and it mentioned there are sites that “hash the password before transmitting”?
Now, assuming this isn’t using an SSL connection (HTTPS), a. is this actually secure and b. if it is, how would you do this in a secure manner?
Edit 1: (some thoughts based on first few answers)
c. If you do hash the password before transmission, how do you use that if you only store a salted hash version of the password in your user credentials database?
d. Just to check, if you are using an HTTPS secured connection, is any of this necessary?
This is only secure if the server sends a non-reusable salt (and, of course, if you use a secure hash).
Otherwise, the attacker can simply sniff the user's hash, then replay the hash to log in as the user.
Note that the login is vulnerable to a man-in-the-middle attack.
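
The exchange described in this answer, as an added example that is not part of the original post: the server issues a one-time nonce, the client hashes its salted password hash together with that nonce, and a sniffed response fails when replayed. The `Server` class, the function names, the sample account, and the choice of PBKDF2 and HMAC-SHA256 are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def stored_verifier(password: str, user_salt: bytes) -> bytes:
    # What the server keeps in its database: a salted, slow hash of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user_salt, 100_000)


class Server:  # hypothetical in-memory server for the illustration
    def __init__(self):
        self.users = {}    # username -> (user_salt, verifier)
        self.pending = {}  # username -> outstanding one-time nonce

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, stored_verifier(password, salt))

    def challenge(self, username):
        # Fresh nonce per login attempt; the per-user salt is not secret.
        nonce = secrets.token_bytes(16)
        self.pending[username] = nonce
        return self.users[username][0], nonce

    def login(self, username, response):
        nonce = self.pending.pop(username, None)  # consumed: never reusable
        if nonce is None:
            return False
        verifier = self.users[username][1]
        expected = hmac.new(verifier, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password, user_salt, nonce):
    # The client recomputes the stored verifier, then binds it to this nonce.
    verifier = stored_verifier(password, user_salt)
    return hmac.new(verifier, nonce, hashlib.sha256).digest()


def demo():
    server = Server()
    server.register("alice", "correct horse")  # constructed sample account
    salt, nonce = server.challenge("alice")
    sniffed = client_response("correct horse", salt, nonce)
    first = server.login("alice", sniffed)     # legitimate login
    server.challenge("alice")                  # next attempt gets a new nonce
    replayed = server.login("alice", sniffed)  # captured value sent again
    return first, replayed
```

In this layout the stored verifier is itself enough to compute a valid response, so the database contents are password-equivalent. The nonce only stops replay; it does nothing against the man-in-the-middle case noted above.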