Encrypt Locally or Remotely? Which one is more Secure?

  • Question

  • Hi,

    I have a sign in page and I want to pass the email and password of the user but I want to discuss with you guys which one is more secure?

    To salt and hash the password locally and send it like this:

    var content = new FormUrlEncodedContent(new[]
    {
        new KeyValuePair<string, string>("email", TextBoxSignupEmailAddress.Text),
        new KeyValuePair<string, string>("salt", password_salt),
        new KeyValuePair<string, string>("hash", password_hash),
    });


    Or just send the email and password and then salt it and hash it on remote like this:

    var content = new FormUrlEncodedContent(new[]
    {
        new KeyValuePair<string, string>("email", TextBoxSignupEmailAddress.Text),
        new KeyValuePair<string, string>("password", password)
    });


    What is your advice...


    Thanks,
    Jassim

    Friday, October 18, 2019 1:25 AM

All replies

  • You should use the tactic of PGP/GPG, that is, to use a "random key encrypted by public key of receiver" sent by the receiving side to encrypt it, then the receiving side uses their private key to decrypt the random key, and uses it to decrypt the received message.

    If you think that's too much work, you can just send with HTTPS and let the TLS layer handle that for you.

    Friday, October 18, 2019 1:40 AM
    Answerer