For that particular website yes, but a salted client side hash is worthless on a different website.
Edit: plus even unsalted it would only work if the algorithm is the same and less iterations are done
For that particular website yes, but a salted client side hash is worthless on a different website.
Edit: plus even unsalted it would only work if the algorithm is the same and less iterations are done
It helps against the server being able to read the password, so a bad actor (either the website itself or after a hack) could read your password. Which isn’t bad if you’re using good password hygiene with random passwords, but that sadly is not the norm.
Why would you not hash in the browser. Doing so makes sure the plaintext password never even gets to the server while still providing the same security.
Edit: I seem to be getting downvoted… Bitwarden does exactly what I described above and I presume they know more than y’all in terms of security https://bitwarden.com/help/what-encryption-is-used/#pbkdf2
This is some NotTheOnion level of article
Average dead by daylight killer