Saturday, June 4, 2016

User password encryption/decryption concept - client version

client --> network (https) --> server

step1 (create)
client: input rawpwd
client: salt(fixed) + rawpwd ==sha256==> encode1
client --https--> server: salt_encode1
server: save salt_encode1 to database

step2 (validate)
client: input rawpwd
client: salt + rawpwd ==sha256==> encode2
client --https--> server: salt_encode2
server: load salt_encode1 from database
server: test if encode2 equals encode1

User password encryption/decryption concept - server version

client --> network (https) --> server

step1 (create)
client --https--> server: rawpwd
server: salt(random) + rawpwd ==sha256==> encode1
server: save salt_encode1 to database

step2 (validate)
client --https--> server: rawpwd
server: load salt from salt_encode1 in database
server: salt + rawpwd ==sha256==> encode2
server: test if encode2 equals encode1
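
The server version's create and validate steps, as an added example that is not part of the original post, with the client version's fixed salt alongside to show what the random salt changes. The salt length, the "<salt hex>_<digest hex>" storage format and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16  # assumed salt length; the page does not specify one


def create(rawpwd: str) -> str:
    """step1: salt(random) + rawpwd ==sha256==> encode1, returned as salt_encode1."""
    salt = secrets.token_bytes(SALT_BYTES)
    encode1 = hashlib.sha256(salt + rawpwd.encode("utf-8")).hexdigest()
    # Assumed storage format: "<salt hex>_<digest hex>" in one database column.
    return f"{salt.hex()}_{encode1}"


def validate(rawpwd: str, salt_encode1: str) -> bool:
    """step2: load salt from salt_encode1, recompute encode2, compare to encode1."""
    try:
        salt_hex, encode1 = salt_encode1.split("_", 1)
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record: fail closed
    encode2 = hashlib.sha256(salt + rawpwd.encode("utf-8")).hexdigest()
    # Constant-time comparison, so timing does not reveal how much of the digest matched.
    return hmac.compare_digest(encode2.encode("utf-8"), encode1.encode("utf-8"))


def fixed_salt_record(rawpwd: str, salt: bytes = b"fixed-salt") -> str:
    """The client version's salt(fixed) scheme, for comparison only (salt value constructed)."""
    return hashlib.sha256(salt + rawpwd.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample input: two users who chose the same password.
    alice = create("correct horse")
    bob = create("correct horse")
    print("correct password accepted:", validate("correct horse", alice))
    print("wrong password accepted:  ", validate("wrong guess", alice))
    print("random salt, same record: ", alice == bob)
    print("fixed salt, same record:  ",
          fixed_salt_record("correct horse") == fixed_salt_record("correct horse"))
```

A single SHA-256 pass is fast to compute, so a deployment would normally swap it for a deliberately slow password hash such as `hashlib.scrypt` while keeping the same create/validate flow.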