I’ve developed my application to use salted SHA-512 password hashes.
If a hacker were to obtain the hash, what can I do to protect against the hacker using Greasemonkey to alter the login page so that the password is not hashed? The attack vector I foresee would enable them to type the hash they’ve acquired into the password input, and then the Greasemonkey-altered page sends that info as is (without hashing the entered password, which is the actual hash).
That is just one example of how an acquired hash could be used. There are other ways the site’s code could be altered with Greasemonkey to achieve the same result.
I can’t think of any ways to prevent / protect against this type of attack.
Has anyone here come up with something?
Hash your passwords on the server. Use SSL to protect over the wire.
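An added example (not code from the question or the answer) that puts the two designs side by side in Python: when the browser computes the hash, the stored hash is itself a valid credential, whereas when the server hashes whatever arrives, a leaked hash is no more useful than any other wrong password. The example assumes PBKDF2-HMAC-SHA512 as its concrete salted-SHA-512 construction, a deliberately slow variant rather than a single SHA-512 pass.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2; assumption of this example, tune for your hardware.
ITERATIONS = 100_000


def make_record(password: str) -> dict:
    """Create the stored credential: a random per-user salt and the salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify_server_side(record: dict, submitted_password: str) -> bool:
    """Secure design: the server hashes the submitted text itself.

    Whatever the client sends (including a pasted copy of the stored hash)
    is treated as a password and run through the salted hash again, so a
    leaked hash never matches. compare_digest avoids a timing side channel.
    """
    candidate = hashlib.pbkdf2_hmac(
        "sha512", submitted_password.encode("utf-8"), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["hash"])


def verify_client_side_hash(record: dict, submitted_hash: bytes) -> bool:
    """The design from the question: the browser hashes, the server only compares.

    Because the server never re-hashes, the stored value is a password-equivalent
    credential: anyone holding the hash can submit it directly, and no amount of
    client-side JavaScript can prevent that, since the client is under their control.
    """
    return hmac.compare_digest(submitted_hash, record["hash"])


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")  # constructed sample password
    print("server-side, right password:", verify_server_side(rec, "correct horse battery staple"))
    print("server-side, leaked hash pasted:", verify_server_side(rec, rec["hash"].hex()))
    print("client-side, leaked hash replayed:", verify_client_side_hash(rec, rec["hash"]))
```

The server-side check also needs TLS on the wire, as the answer says; otherwise the plaintext password is exposed in transit instead of the hash.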