|
|
Posted by Alexander Mueller on 01/09/08 17:52
J.O. Aho wrote:
>
> I can't see any extra advantage of your input has, more than it will just
> consume more bandwidth for transporting the data.
Well, I listed the advantages in the original posting. Please reread it
again to see what I am trying to accomplish with the hash type.
> The has type will always be
> the same for a site, as the passwords will always be stored in that type, a
> site that uses md5 hashed passwords will never request a sh1 hashed password,
> as then they can't validate the password is correct.
I never talked about a mixture of hash types.
It is about the secure transmission. The hash for a password will never
be the same for a site but only for identical passwords (which is a
required behaviour).
>
> The method will be predictable and complicated to use and just gives a false
> feel of extra security.
>
Can you explain why? The only difference is that the hashing occurs
locally and so gives a much better security to the actual data. Its
neither more predictable nor complicated than the current solution.
Alexander
Navigation:
[Reply to this message]
|