Can I open the hash salt + password?

I use the SHA-512 hash 1000 times per salt + password. Is it safe to return this when requesting user information, or should I protect it and make it accessible only through HTTPS?

For example, if I make the following request:

GET: http://domain.com/users?id=437

and it returns:

{"firstName":"Eliot","lastName":"My last name","email":"email@emailplace.com","password":[91,49,-34,77,79,-48,67,-62,-12,84,84,-18,-81,23,-92,-31,74,-28,-80,102,60,35,-102,115,18,-76,20,-90,-8,91,13,23],"authToken":"33c977b1-5ab6-4a8a-8da9-68c8028eff92","id":179}

Does publication matter?

+5
2 answers

Why have you ever returned a user password in response to any open request? It does not matter in what form the password is returned - it is fundamentally unsafe!

. , , . , 1000 , , , ( ), ( - , ). - .

+10
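
The point of the answer above, as an added example that is not part of the question or of either answer: build the user response from an allow-list, and audit outgoing JSON for credential fields such as the `password` byte array and `authToken` in the question's response. The function names, the allow-list and the key-name fragments are assumptions chosen for illustration.

```python
import json

# Assumed allow-list of fields a user-lookup endpoint may expose.
PUBLIC_FIELDS = ("id", "firstName", "lastName", "email")
# Assumed key-name fragments that mark credential material.
SENSITIVE_FRAGMENTS = ("password", "passwd", "hash", "salt", "token", "secret")
DIGEST_LENGTHS = {16, 20, 28, 32, 48, 64}  # byte lengths of common digests


def to_public_user(record):
    """Build the response from an allow-list so internal fields never leak by default."""
    return {k: record[k] for k in PUBLIC_FIELDS if k in record}


def looks_like_digest(value):
    """True for a list of byte-sized ints (signed or unsigned) of digest length."""
    return (isinstance(value, list) and len(value) in DIGEST_LENGTHS
            and all(isinstance(b, int) and not isinstance(b, bool)
                    and -128 <= b <= 255 for b in value))


def find_credential_fields(body, path="$"):
    """Return the JSON paths in a response body that carry credential material."""
    hits = []
    if isinstance(body, dict):
        for key, value in body.items():
            child = f"{path}.{key}"
            if any(f in key.lower() for f in SENSITIVE_FRAGMENTS) or looks_like_digest(value):
                hits.append(child)
            else:
                hits.extend(find_credential_fields(value, child))
    elif isinstance(body, list):
        for i, item in enumerate(body):
            hits.extend(find_credential_fields(item, f"{path}[{i}]"))
    return hits


# The response shown in the question, reproduced as sample input.
SAMPLE = json.loads(
    '{"firstName":"Eliot","lastName":"My last name","email":"email@emailplace.com",'
    '"password":[91,49,-34,77,79,-48,67,-62,-12,84,84,-18,-81,23,-92,-31,74,-28,-80,'
    '102,60,35,-102,115,18,-76,20,-90,-8,91,13,23],'
    '"authToken":"33c977b1-5ab6-4a8a-8da9-68c8028eff92","id":179}')

if __name__ == "__main__":
    print(find_credential_fields(SAMPLE))      # fields that must not be returned
    print(json.dumps(to_public_user(SAMPLE)))  # the allow-listed response
```

A check like `find_credential_fields` fits in an API test suite or a response filter, so that a credential field added to the user record later fails the build instead of reaching clients.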

, . HTTPS - URL HTTPS, - - .

, . API.

+3
