Boy, you guys are a stubborn lot aren't you? MD5 doesn't change the facts of the case in any significant way.
MD5 hashing on the client is still a pain in the behind, and it's still not worth it. Forget, for a moment, that it's also a weaker hash algorithm. It's still more to download, more CPU processing, and all for a teensy tiny amount of gain. It also remains highly unpractical until someone rolls out a library for GWT and does some speed and download size tests so we've got some tangibles to talk about. Until then, the login security FAQ should not be changed. On Sep 18, 9:34 am, "alex.d" <[EMAIL PROTECTED]> wrote: > What about "easy"-hashing on the client side like for example md5? > Sure, lately there were several reports about possibilities to crack > it quicker than expected(a few hours or even minutes) but i haven't > seen any working tool to make it work yet. So hasing with md5 on the > client side, and than with BCrypt on the server, should eliminate > probably 90% of the attack attempts. And if somebody is ready to go > the hard way, well, then there is probably not that much you can do > about it - if somebody want's to hack you - they will succeed. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
