bcrypted tokens ? #37
-
|
The server side token could be produced this way ? So then there is nothing local on the server |
Beta Was this translation helpful? Give feedback.
Answered by
aidantwoods
Apr 9, 2023
Replies: 1 comment
-
|
What is the use case you have in mind for this? The local mode might be workable using bcrypt output, but using just a password to derive key material would open up concerns around brute force that might not need to exist using a CSPRNG generated key instead. |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
aidantwoods
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the use case you have in mind for this?
The local mode might be workable using bcrypt output, but using just a password to derive key material would open up concerns around brute force that might not need to exist using a CSPRNG generated key instead.