GNUGradyn Comments - Answer Overflow

GNUGradyn

Posts Comments

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

i think thats what ill do, thanks

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

so maybe your idea is the best anyway

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

they'd still have to get the original password to decrypt the data tho

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

otherwise if our data is breached people could send the pre-hashed passwords to get into accounts

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

i just realized we do want to double-encrypt the passwords

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

oh wait a second

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

seems kinda jank tho. maybe better to just rip out asp.net identity at this point, not sure its doing anything and theres already so many jank work arounds in there to get it to work exactly how i want lol

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

that would probably work. would get encrypted again before storage for no reason but thats not really a problem

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

are you saying hash the password on the client side, and then just use the hashed password like a plain text password on asp.net?

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

oh wait

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

yes

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

that was sorta my initial question

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

ye, i wonder if its even worth using asp.net identity at this point tho, like im already manually handling tokens, email verification, etc

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

when the user signs in the password would be used both to authenticate with the server and to generate the KEK so it can decrypt the DEK and access the data

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

yeah, but i dont want them to have an encryption password and an authentication password, i want it to be completely transparent to the user. this should be possible by encrypting the password before sending it and checking it against the hashed password in the database instead of sending the password and hashing it on the server

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

this is basically supposed to be 1: insurance for the user that we wont touch their data (because we cant) 2: a way to skirt giving user data to malicious actors via supeonas 3: a way to make data breaches less impactful these are all pointless if we can just intercept the users password and decrypt the data anyway

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

so if i were malicious, i could intercept their password when they sign in and use that to decrypt the data

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

but the problem is i want the user to only have 1 password

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

thats pretty much what its doing right now

43 replies

CC#

•Created by GNUGradyn on 5/14/2024 in #help

Send already hashed password to backend instead of raw password with asp.net identity

idk if thats a good idea tho

43 replies

Gaming

Programming