[Bug 13067] Password hashing from bugzilla@jessica.w3.org on 2011-08-04 (public-html-bugzilla@w3.org from August 2011)

From: <bugzilla@jessica.w3.org>
Date: Thu, 04 Aug 2011 03:58:37 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Qop4v-0006Cl-4W@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=13067

John Weir <john@smokinggun.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |john@smokinggun.com

--- Comment #1 from John Weir <john@smokinggun.com> 2011-08-04 03:58:36 UTC ---
I like this idea.  Why assume a web application will hash a password.  Why ever
send a clear password?

If this were a default it would better protect user's.

The hard question is what or how to salt?  This would need to be effortless on
the user.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Thursday, 4 August 2011 03:58:38 UTC