Nostr

Do I get to set a password and salt? I trust you are a good actor but I’d rather whatever is developed doesn’t require trust in the host or a third party to not have a rainbow table for IP addresses.

utxo the webmaster 🧑‍💻 2y ago

This would be for unauthenticated users trying to brute force sign ups or logins, once you're logged in I identify you with the email you used.

Reply to this note

Please Login to reply.

Discussion

ben 2y ago

rate limiting by ip is common and good

utxo the webmaster 🧑‍💻 2y ago

We still gonna hash it and maximum cache for 1 minute, I think it's a reasonable trade off.

ContrarianAgrarian 2y ago

Seems reasonable enough.

ContrarianAgrarian 2y ago

Email? Will users be able to sign up with an npub? 😁