On Oct 27, Tomas Hlavaty scribed: > > not sure if I understand it well but it seems to me that your hash > becomes the password. In other words, if I find out the hash, I can log > in (e.g. using my own client). >
Yes, I suppose, but the only way I see you getting the hash is: a) steal the database b) be a MITM over https (I don't do passwords over http when I design a site) c) browser exploit? not sure if that's possible Dave -- UNSUBSCRIBE: mailto:[email protected]?subject=unsubscribe
