Just take the string as bytes and hash it ffs

  • CommanderCloon@lemmy.ml
    link
    fedilink
    English
    arrow-up
    6
    ·
    4 months ago

    If you hash in the browser it means you don’t salt your hash. You should absolutely salt your hash, not doing so makes your hashes very little better than plaintext.

    • Shadow@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      edit-2
      4 months ago

      There’s nothing stopping a browser from salting a hash. Salts don’t need to be kept secret, but it should be a new random salt per user.