GNUGradyn
GNUGradyn
PostsComments
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
i think thats what ill do, thanks
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
so maybe your idea is the best anyway
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
they'd still have to get the original password to decrypt the data tho
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
otherwise if our data is breached people could send the pre-hashed passwords to get into accounts
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
i just realized we do want to double-encrypt the passwords
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
oh wait a second
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
seems kinda jank tho. maybe better to just rip out asp.net identity at this point, not sure its doing anything and theres already so many jank work arounds in there to get it to work exactly how i want lol
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
that would probably work. would get encrypted again before storage for no reason but thats not really a problem
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
are you saying hash the password on the client side, and then just use the hashed password like a plain text password on asp.net?
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
oh wait
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
yes
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
that was sorta my initial question
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
ye, i wonder if its even worth using asp.net identity at this point tho, like im already manually handling tokens, email verification, etc
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
when the user signs in the password would be used both to authenticate with the server and to generate the KEK so it can decrypt the DEK and access the data
43 replies
CC#
Created by GNUGradyn on 5/14/2024 in #help
Send already hashed password to backend instead of raw password with asp.net identity
yeah, but i dont want them to have an encryption password and an authentication password, i want it to be completely transparent to the user. this should be possible by encrypting the password before sending it and checking it against the hashed password in the database instead of sending the password and hashing it on the server
43 replies