Hello all,

On Wednesday 27 October 2010 16:15:35 Dave wrote:
> (...) I encrypt the passwords in the browser (using the
> same algorithm) and always transmit an encrypted password.  There's no
> place to peek.  (...)

I believe you mean `I take a hash of password and some salt in the browser and 
always transmit the hash' (or better, `I use HMAC')... Otherwise the owner of 
the process could still trace it to recover the passwords, coudn't he?

-- 
dexen deVries


``One can't proceed from the informal to the formal by formal means.''
-- 
UNSUBSCRIBE: mailto:picol...@software-lab.de?subject=unsubscribe

Reply via email to