Hacker News

Because you can enforce password policies without the password ever leaving the (untrusted) client in clear text. I.e. the server only sees the hash and still knows it's dealing with a strong PW.


A client-side script can do that. What is the attack model? A client maliciously changing the client script to supply a weak password?



