Forum Xamarin Xamarin.Forms

Encrypt Locally of Remotely? Which one is more Secure?

JassimRahmaJassimRahma USMember ✭✭✭✭

Hi,

I have a sign in page and I want to pass the email and password of the user but I want to discuss with you guys which one is more secure? to salt and hash the password locally and send it like this:

var content = new FormUrlEncodedContent(new[]
{
    new KeyValuePair<string, string>("email", TextBoxSignupEmailAddress.Text),
    new KeyValuePair<string, string>("salt", password_salt),
    new KeyValuePair<string, string>("hash", password_hash),
});

Or just send the email and password and then salt it and hash it on remote like this:

var content = new FormUrlEncodedContent(new[]
{
    new KeyValuePair<string, string>("email", TextBoxSignupEmailAddress.Text),
    new KeyValuePair<string, string>("password", password)
});

What is your advise...

Thanks,
Jassim

Answers

  • DirkWilhelmDirkWilhelm USMember ✭✭✭✭

    Your second approach is unsecure. Never ever submit a password in plaintext.

    As for your first approach: why do you want to send the salt? You just need it on your device, and not on your server.

Sign In or Register to comment.