[sorry, should got to the list] Am 27.03.2014 um 18:35 schrieb Arnt Gulbrandsen <[email protected]>:
> It's easy to do without. I expect 100-150 lines of code. It's just that when > you hash or encrypt in the db, you lose the ability to use challenge/response > authentication, so the password becomes much easier to snoop on the wire. I thought, when I decrypt on the fly during login, I could use CRAM. Wrong? Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
