0
Under review
Futureweb OG 5 months ago • updated by Nils Laumaillé 4 months ago 3

An Option to don't have the SALT permanently saved on the Server would be really great and increase Security a lot ...

One would enter a Master-Pass on Login - which is used (as part) of the SALT ...

bye from Austria

Andreas Schnederle-Wagner

Under review

Not sure I have understood.

Do you mean the main SALT or the user's one?

I mean the MAIN SALT (or a part of it) ... imagine the Server get's compromised ... then the Hacker has access to the SALT + DATABASE ... and can decrypt all Passwords as he wants ...

This would not be possible if the Main Salt isn't saved on the Server but only in Memory in the current Session ...

Yes such feature is possible.