Plus if the front end is hashing with each keystroke, I feel like the security of the final hash is far, far less secure to any observer/eavesdropper.
If the password is hunter2 and the front end sends a hash for h, then hu, then hun, etc., then someone observing all these hashes only has to check each hash against a single keystroke, then move on to the next hash with all but the last keystroke known. That hash table is a much smaller search space, then.
“hunter2”, you say?
Puts on shades
“I’m in.” rapid keystrokes
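The search-space reduction described in the first comment of this thread, as an added example that is not part of the original posts: it counts the hash computations an observer needs when every prefix hash is visible, against the worst case when only the final hash is. SHA-256, the 95-character printable-ASCII alphabet and all function names are assumptions; the thread names no hash or character set.

```python
import hashlib
import string

# Assumed alphabet: 95 printable ASCII characters (letters, digits, punctuation, space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "


def h(s: str) -> str:
    # SHA-256 is an assumption; the thread does not say which hash is used.
    return hashlib.sha256(s.encode()).hexdigest()


def prefix_hashes(password: str) -> list[str]:
    """What a front end that hashes on every keystroke would send: h, hu, hun, ..."""
    return [h(password[:i]) for i in range(1, len(password) + 1)]


def guesses_with_prefixes(observed: list[str]) -> tuple[str, int]:
    """Resolve one character per observed hash and count hash computations."""
    known, guesses = "", 0
    for target in observed:
        for c in ALPHABET:
            guesses += 1
            if h(known + c) == target:
                known += c  # all but the last keystroke is now known
                break
        else:
            raise ValueError("character outside the assumed alphabet")
    return known, guesses


def worst_case_final_only(length: int) -> int:
    """Candidates to try if only the hash of the complete password is seen."""
    return len(ALPHABET) ** length


if __name__ == "__main__":
    sample = "hunter2"  # constructed sample input, taken from the thread
    observed = prefix_hashes(sample)
    recovered, guesses = guesses_with_prefixes(observed)
    print(f"per-keystroke hashes: {guesses} guesses "
          f"(upper bound {len(sample) * len(ALPHABET)})")
    print(f"final hash only:      up to {worst_case_final_only(len(sample))} guesses")
```

The cost with prefix hashes grows linearly in password length (at most length × alphabet size), while the final-hash-only case grows exponentially.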