On Wednesday 27 October 2010 16:15:35 Dave wrote:
> (...) I encrypt the passwords in the browser (using the
> same algorithm) and always transmit an encrypted password. There's no
> place to peek. (...)
I believe you mean `I take a hash of password and some salt in the browser and
always transmit the hash' (or better, `I use HMAC')... Otherwise the owner of
the process could still trace it to recover the passwords, couldn't he?
``One can't proceed from the informal to the formal by formal means.''
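
What a tracer of the server process would observe under the two schemes named in the reply above, as an added example that is not part of the original message. The function names, the `Server` class, the nonce exchange and the sample salt and password are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Browser, scheme 1: salted hash. The same value crosses the wire at every login.
function saltedHash(password, salt) {
  return crypto.createHash('sha256').update(salt + ':' + password).digest('hex');
}

// Browser, scheme 2: HMAC over a fresh server nonce, keyed with the salted hash.
function hmacResponse(password, salt, nonce) {
  return crypto.createHmac('sha256', saltedHash(password, salt)).update(nonce).digest('hex');
}

// Constant-time comparison of two hex strings.
function safeEqual(a, b) {
  const x = Buffer.from(a, 'hex'), y = Buffer.from(b, 'hex');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Hypothetical server: keeps only the salted hash and hands out single-use nonces.
class Server {
  constructor(verifier) { this.verifier = verifier; this.pending = new Set(); }
  challenge() {
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.add(nonce);
    return nonce;
  }
  loginStatic(hash) { return safeEqual(hash, this.verifier); }
  loginHmac(nonce, response) {
    if (!this.pending.delete(nonce)) return false; // unknown or already used nonce
    const expected = crypto.createHmac('sha256', this.verifier).update(nonce).digest('hex');
    return safeEqual(response, expected);
  }
}

// Everything a tracer of the server process would see is collected in `seen`.
function demo() {
  const salt = 'constructed-salt', password = 'constructed-password';
  const server = new Server(saltedHash(password, salt));
  const seen = [];
  const h = saltedHash(password, salt); seen.push(h);
  const staticOk = server.loginStatic(h);
  const staticReplayOk = server.loginStatic(seen[0]); // captured value works again
  const nonce = server.challenge();
  const r = hmacResponse(password, salt, nonce); seen.push(nonce, r);
  const hmacOk = server.loginHmac(nonce, r);
  const hmacReplayOk = server.loginHmac(nonce, r); // nonce consumed: rejected
  const plaintextSeen = seen.some((v) => v.includes(password));
  return { staticOk, staticReplayOk, hmacOk, hmacReplayOk, plaintextSeen };
}
```

In both schemes the plaintext password never reaches the server process, but only the HMAC response stops being accepted once its nonce is consumed. The stored verifier is still a secret the server has to protect.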