Is it more secured to encode text to md5 for example on client side then send via post method and store on server database as md5 hash?
Asked
Active
Viewed 25 times
0
-
2Possible duplicate of [Is it worth hashing passwords on the client side](https://stackoverflow.com/questions/3715920/is-it-worth-hashing-passwords-on-the-client-side) – David Walschots Sep 05 '18 at 21:44
-
generally passwords should be sent over tls which is more secure and doesn't make public your hashing scheme – bryan60 Sep 05 '18 at 21:45
-
If I can sniff your password and impersonate you, then I can also sniff the hash and impersonate you. There is exactly zero difference between the two. Also note that MD5 is absolutely terrible as a password hashing function. MD5 is fast, password hashing functions should be slow. – Jörg W Mittag Sep 05 '18 at 21:51
-
1MD5 is not a secure password hashing algorithm. Please avoid implementing password hashing, it's much harder than it sounds because you won't get an error if you do it wrong. Your system will work just fine while being really insecure. – that other guy Sep 05 '18 at 21:53