On Mon, Jun 20, 2011 at 11:15 AM, Nils Dagsson Moskopp <[email protected]> wrote: > James Graham <[email protected]> schrieb am Mon, 20 Jun 2011 10:40:20 > +0200: > >> […] and the authors who are most likely to get the server-side >> wrong are the same ones who are already storing passwords in plain >> text. > > What reasoning is behind the assertion that those authors will use the > provided client-side hashing facilities correctly, then?
The fact that you can get minimally adequate functionality by just writing <input type=password hash>. ~TJ
