ITCan said:
- always use HTTPS
- always use the bcrypt() function to hash passwords (https://laravel.com/docs/5.2/helpers#method-bcrypt)
- host your own server or use a reliable hoster, if people have access to your server then hashing has no use because they can access the code / encryption keys / configs, etc and have access to the database...
Of course I will use HTTPS, of course I am using bcrypt() and of course I trust my hoster, but this is not the case. The problem here is sending passwords in plaintext, which should be avoided.
Motivation: http://stackoverflow.com/a/21716654
You could use sha1 (or any other algo) in javascript for the client side. But if you are using https (and only allow https connections) I don't think you really need to stress much about it.
Check http://www.movable-type.co.uk/scripts/sha1.html
To be clear the OP said it's for the client side, he will rehash on the server side using bcrypt and salt.
Good read on the topic at this link as well http://security.stackexchange.com/questions/93395/how-to-do-client-side-hashing-of-password-using-bcrypt