What should I use as a secure/strong salt for PBKDF2 hashing when salt is not available to use before login as it will be client-side javascript to hash user+pass with PBKDF2 ? I'm going to use sha(user+pass) as salt for pbkdf2
Aucun commentaire:
Enregistrer un commentaire