Arc Forum | Another method would be hash sha1 hashed values directly, like: (sha512 (+ (sha...

Arc Forum

2 points by dram 4181 days ago | link | parent

Another method would be hash sha1 hashed values directly, like:

  (sha512 (+ (sha1 pw) user-salt site-salt))

Anyway, existing passwords still need to be migrated manually.

BTW, for security, it is also unsecure to pass unhashed passwords around network, unless use https.

1 point by akkartik 4181 days ago | link

"BTW, for security, it is also unsecure to pass unhashed passwords around network, unless use https."

Yes. Though you can get that with apache or nginx.

-----