W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > February 2012

[Bug 13067] Password hashing

From: <bugzilla@jessica.w3.org>
Date: Thu, 02 Feb 2012 09:08:00 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Rsse8-0005oz-8a@jessica.w3.org>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=13067

--- Comment #3 from gunniboyh@web.de 2012-02-02 09:07:59 UTC ---
(In reply to comment #2)
> (In reply to comment #1)
> > I like this idea.  Why assume a web application will hash a password.  Why ever
> > send a clear password?
> > 
> > If this were a default it would better protect user's.
> > 
> > The hard question is what or how to salt?  This would need to be effortless on
> > the user.
> 
> 
> This is already done in WWW Digest authentication. It bypasses <form> controls
> altogether.

That's the point. I suppose to incorporate this (or similar) functionality into
regular HTML forms.

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 2 February 2012 09:08:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 2 February 2012 09:08:04 GMT