Password Hashing

Some ideas sound useful when you first look at them but turn out to be nowhere near as useful as they appear

At first glance the idea of converting the password entered into the web page into a hash before sending it to the server looks like a good idea - after all we usually convert it to a hash before storing it in the database to stop anyone being able to tell what the actual password is even when they have access to the database. A closer look at just exactly what you'd need shows that doing so would actually reduct the security of your system rather than increasing it.

Password Hashing