Posted by Alexander Mueller on 01/09/08 17:52
J.O. Aho wrote:
>
> I can't see any extra advantage your input has, other than that it will just
> consume more bandwidth for transporting the data.
Well, I listed the advantages in the original posting. Please reread it
again to see what I am trying to accomplish with the hash type.
> The hash type will always be
> the same for a site, as the passwords will always be stored in that type, a
> site that uses md5 hashed passwords will never request a sha1 hashed password,
> as then they can't validate the password is correct.
I never talked about a mixture of hash types.
It is about the secure transmission. The hash for a password will never
be the same for a site but only for identical passwords (which is a
required behaviour).
>
> The method will be predictable and complicated to use and just gives a false
> feel of extra security.
>
Can you explain why? The only difference is that the hashing occurs
locally and so gives much better security to the actual data. It's
neither more predictable nor complicated than the current solution.
Alexander