ServerAuth
ServerAuth copied to clipboard
BCrypt support/enabled by default
Currently the default password used by this project is unsalted sha256. This is unsafe due to advances in modern computing power and rainbow table attacks. To give some context, I can crack unsalted sha256 on my laptop at 108 million guesses per second. This would easily rip through any database your program generates. I strongly suggest switching to bcrypt. If you must use sha256, please generate user-specific salts to protect their integrity.
@Plazmaz I know right