On Wednesday, October 24, 2012 2:38:51 PM UTC-4, Manuel Carrasco wrote:
>> - You could compute and send the MD5 hash of the password instead of the clear one if the server is storing the password in MD5
>
> This doesn't really work against MITM attacks. As written, the proposal substitutes a password equivalent in place of the original password, which doesn't really provide any protection against unauthorized access to the system because intercepting the password equivalent would still be sufficient for access. It does protect the original password, though that's typically a lesser concern.

Exactly, this is not a protection for the target system, but a guarantee for the user so that her clear password is not seen on the wire. It is very usual for users to use the same password for different systems.
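The two points made in this exchange, side by side, as an added example that is not part of the original thread: the MD5 value sent by the client is itself the credential the server checks, while the clear password never appears in the message. The user name, password, stored tables and all function names are constructed for illustration and are not GWT code.

```python
import hashlib
import hmac

# Constructed sample data: both systems store an unsalted MD5 of the same password.
PASSWORD = "correct horse battery staple"
STORED = {"alice": hashlib.md5(PASSWORD.encode()).hexdigest()}        # system from the thread
OTHER_STORED = {"alice": hashlib.md5(PASSWORD.encode()).hexdigest()}  # a second, unrelated system


def client_login_message(user, password):
    """What the proposed client puts on the wire: MD5(password), not the password."""
    return {"user": user, "credential": hashlib.md5(password.encode()).hexdigest()}


def server_accepts(message):
    """Hypothetical server check: the received hash is compared with the stored hash."""
    expected = STORED.get(message["user"], "")
    return hmac.compare_digest(expected, message["credential"])


def other_system_accepts(user, submitted):
    """Hypothetical second system: receives the clear password and hashes it server-side."""
    digest = hashlib.md5(submitted.encode()).hexdigest()
    return hmac.compare_digest(OTHER_STORED.get(user, ""), digest)


def observed_on_wire(message):
    """Everything visible to a party reading an unencrypted connection."""
    return dict(message)


def demo():
    sent = client_login_message("alice", PASSWORD)
    seen = observed_on_wire(sent)
    return {
        # Manuel's point: the clear password is not in the observed message.
        "cleartext_on_wire": PASSWORD in seen.values(),
        "legit_login": server_accepts(sent),
        # The reply's point: the observed value alone passes the server check.
        "replayed_login": server_accepts(seen),
        # Submitted as-is to the second system, the observed hash is not accepted.
        "hash_accepted_elsewhere": other_system_accepts("alice", seen["credential"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```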
