Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The attacker would then intercept that scrypt hash sent from the client and use it to authenticate.


You can't. The scrypt hash should be protected by HTTPS the same way a website password is protected by HTTPS.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: