[Bug 13067] Password hashing from bugzilla@jessica.w3.org on 2011-12-06 (public-html-bugzilla@w3.org from December 2011)

From: <bugzilla@jessica.w3.org>
Date: Tue, 06 Dec 2011 21:05:06 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1RY2CI-0004ol-7Z@jessica.w3.org>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=13067

Charles Pritchard <chuck@jumis.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |chuck@jumis.com

--- Comment #2 from Charles Pritchard <chuck@jumis.com> 2011-12-06 21:05:04 UTC ---
(In reply to comment #1)
> I like this idea.  Why assume a web application will hash a password.  Why ever
> send a clear password?
> 
> If this were a default it would better protect user's.
> 
> The hard question is what or how to salt?  This would need to be effortless on
> the user.


This is already done in WWW Digest authentication. It bypasses <form> controls
altogether.

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Tuesday, 6 December 2011 21:05:07 UTC