Then you’d end up having single (when the user browser’s JS is disabled) and double-encrypted hashes in your password database, and you’d have to either keep track of that (for later when you want to validate a log in, for example), or extend your initial password storage logic to double encrypt the password in case the user’s request comes from a JS-disabled browser.
I think this jsSHA library would be more useful for server-side JS (i.e. a nodejs-based web framework).
As TheRedGiant said very well, security wise, don’t trust anything to rely on client side! That must definitely be for a server side JS!
- Grew a moustache for the Envato Movember competition
- Community Moderator
- Contributed a Blog Post
- Author was Featured
- Item was Featured
- Won a Competition
- Repeatedly Helped protect Envato Marketplaces against copyright violations
- Has been a member for 4-5 years