W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > August 2011

[Bug 13067] Password hashing

From: <bugzilla@jessica.w3.org>
Date: Thu, 04 Aug 2011 03:58:37 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1Qop4v-0006Cl-4W@jessica.w3.org>

John Weir <john@smokinggun.com> changed:

           What    |Removed                     |Added
                 CC|                            |john@smokinggun.com

--- Comment #1 from John Weir <john@smokinggun.com> 2011-08-04 03:58:36 UTC ---
I like this idea.  Why assume a web application will hash a password.  Why ever
send a clear password?

If this were a default it would better protect user's.

The hard question is what or how to salt?  This would need to be effortless on
the user.

Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 4 August 2011 03:58:38 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:01:59 UTC