-
Notifications
You must be signed in to change notification settings - Fork 231
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why use selector/token pair for password reset? #301
Labels
Comments
Thanks! It’s split into two parts to protect against timing attacks. But it’s really just one pair with one meaning. Actually, the two parts could even be joined together and be represented as just one piece for a developer using this library, and only be split again internally by this library. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
First of all, great library!
I'm building an application and I must document the database. So, I would like to know: why use a selector/token pair instead of just 1 token?
thanks a lot!
The text was updated successfully, but these errors were encountered: