Hi all!
I'm wanting to make use of bcrypt to authenticate my users. passwordHash and passwordVerify appear setup to use this algorithm, but I have a slight problem.
My users will use a CEF-based interface to submit their login credentials to the clientside. The clientside then needs to send the credentials to the server to verify. I'm currently running passwordHash against the credentials on the clientside before using triggerServerEvent to transmit them.
However, this results in two separate hash values being produced for the same input value (?due to unique salting).
I've experimented slightly with using encodeString to temporarily encode the password before calling triggerServerEvent, and then decrypting on the serverside - but how can I securely share the key with the server to decrypt on the other side?
I have considered switching to sha256, as this produces the same hashes no matter where it is called (client or server etc). But I feel this is less secure.
How can I make use of the passwordHash/passwordVerify in this situation while preserving security as much as possible?
TIA!
