'Compare hashed password vs searching for user with hashed value

Technically speaking is there any difference to these two login flows

The first:

  1. Find user by email/username/etc.
  2. Use a library like bcrypt to compare plain text password to hashed one
  3. Return user if comparison true / return invalid credentials if comparison false

The second:

  1. Hash the plain text password sent by user
  2. Search for user by both the email and hashed password
  3. If user found return him to the client / if user not found return invalid credentials
authenticationhashpasswordsbackend


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions