undefined | Better HN

0 pointsconsp8y ago0 comments

Man in the middle attacks fetching for plaintext passwords

-- edit: using a KDF would improve it even more.

0 comments

If the client only sends the hash to the server, a MitM also only needs to capture the hash.

croon8y ago

Sure, but if they've MITM:ed your trusted certs, aren't you already boned in so many ways?

j / k navigate · click thread line to collapse

0 pointsconsp8y ago0 comments

Man in the middle attacks fetching for plaintext passwords

-- edit: using a KDF would improve it even more.

If the client only sends the hash to the server, a MitM also only needs to capture the hash.

croon8y ago

Sure, but if they've MITM:ed your trusted certs, aren't you already boned in so many ways?

j / k navigate · click thread line to collapse