Because people are human, some may think it is a good idea to put their passwords in for some reason.
Unfortunately, since this sends an API request to the server, which keeps logs, we could unintentionally end up with lists of passwords.
A solution could be to pre-hash all values on all clients before sending them to the server, so that no logs of user input are kept while still being able to cache requests.
This would mean that when checking a file, there are three hashing steps:
- SHA256 (or whatever method the user clicks) of file
- Send request using hash of that
- Server receives the request and takes a hash of it to generate the seed for the RNG
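
The three hashing steps above as an added Node.js example (not the project's own code). The function names, the `/check?h=` log line format and the mulberry32 PRNG are assumptions made for illustration; the server also rejects anything that is not a 64-character hex digest, so raw input from a client that skipped hashing is never written to the log.

```javascript
// Added example: names, log format and PRNG are assumptions, not the project's code.
const { createHash } = require("node:crypto");

const sha256Hex = (data) => createHash("sha256").update(data).digest("hex");

// Client, step 1 (files only): digest of the file contents.
// Client, step 2: hash again so the server never sees what the user typed or computed.
function clientToken(input, isFile) {
  const value = isFile ? sha256Hex(input) : input;
  return sha256Hex(value);
}

// Small deterministic PRNG (mulberry32) standing in for the server's RNG.
function mulberry32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

const TOKEN_RE = /^[0-9a-f]{64}$/;

// Server, step 3: accept only pre-hashed tokens, log the token, hash it for the seed.
function serverHandle(token, log, cache) {
  if (typeof token !== "string" || !TOKEN_RE.test(token)) {
    log.push("rejected malformed request"); // never echo the offending value
    return { status: 400 };
  }
  log.push(`GET /check?h=${token}`);
  if (cache.has(token)) return { status: 200, cached: true, value: cache.get(token) };
  const seed = parseInt(sha256Hex(token).slice(0, 8), 16);
  const value = mulberry32(seed)();
  cache.set(token, value);
  return { status: 200, cached: false, value };
}

// Constructed sample run: same input twice, then a client that skipped hashing.
function demo() {
  const log = [], cache = new Map();
  const typed = "hunter2-constructed-sample";
  const first = serverHandle(clientToken(typed, false), log, cache);
  const second = serverHandle(clientToken(typed, false), log, cache);
  const raw = serverHandle(typed, log, cache);
  return { log, first, second, raw, leaked: log.some((l) => l.includes(typed)) };
}
```

An unsalted SHA-256 of a short or common password can still be guessed offline from a logged token, so pre-hashing limits what the logs expose rather than making the tokens safe to publish.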