On 06/17/2011 08:34 PM, Aryeh Gregor wrote:
> On Thu, Jun 16, 2011 at 5:39 PM, Daniel Cheng <dch...@chromium.org> wrote:
>> A variation of this idea has been proposed in the past but was largely seen
>> as undesirable--see
>> http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2010-May/026254.html. In
>> general, I feel like the same objections are still true of this proposal.
>
> This proposal is considerably better formulated than that one was.
> But yes, in the end, the only real benefit is that the user can
> confirm that their original plaintext password can only be retrieved
> by brute-forcing the hash, which protects them only against reuse of
> the password on different sites.  So on consideration, it will
> probably lead more to a false sense of security than an actual
> increase in security, yes.  It no longer seems like a good idea to me.

FWIW I disagree. The same argument could be used against client-side form validation since some authors might stop doing proper server-side validation. But, as in that case, there are definite end user benefits — I consider limiting the scope of attacks to just a single site even in the face of password reuse to be a substantial win — and the authors who are most likely to get the server-side wrong are the same ones who are already storing passwords in plain text.
