W3C home > Mailing lists > Public > whatwg@whatwg.org > June 2011

[whatwg] Hashing Passwords Client-side

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Mon, 20 Jun 2011 14:27:39 -0700
Message-ID: <BANLkTinWti2+iQGhuQp0uihV4_P+e6d=2gKLanjxneX5w-HKeA@mail.gmail.com>
On Mon, Jun 20, 2011 at 11:15 AM, Nils Dagsson Moskopp
<nils at dieweltistgarnichtso.net> wrote:
> James Graham <jgraham at opera.com> schrieb am Mon, 20 Jun 2011 10:40:20
> +0200:
>
>> [?] and the authors who are most likely to get the server-side
>> wrong are the same ones who are already storing passwords in plain
>> text.
>
> What reasoning is behind the assertion that those authors will use the
> provided client-side hashing facilities correctly, then?

The fact that you can get minimally adequate functionality by just
writing <input type=password hash>.

~TJ
Received on Monday, 20 June 2011 14:27:39 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:06 UTC