Browser side form encryption

Presently, to encrypt a password type input without javascript, we are
forced to trust a server-side script.
So that for example, the client is actually required to trust the remote
server with their password unnecessarily.
If there were some standard which defined a way in which <input
type="password"> were automatically encrypted with sha and salted with the
present domain, it would mean that the server can't ever see the user's
password. That way, we can make login systems which can't be compromised
under any circumstances.

Received on Saturday, 6 October 2018 22:52:17 UTC