- From: Olivier GENDRIN <olivier.gendrin@gmail.com>
- Date: Fri, 11 Jan 2008 09:42:10 +0100
- To: public-html@w3.org
That principle could be useful if the salt is sent through another medium than the current connection: i.e. email or even paper mail. That could be implemented by banks. So the UA would have to store the salt information, but it still does for login forms, for example. The UA would have to ask for a valid salt (the salt could have to be Luhn valid: http://en.wikipedia.org/wiki/Luhn_algorithm) the first time an input @type=hash for a specified form on a specified URL (how to identify inputs? Mandatory Id?).

--
Olivier G.
http://www.lespacedunmatin.info/blog/
Received on Friday, 11 January 2008 08:42:25 UTC
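The flow suggested in the message above, sketched as an added example that is not part of the original post: the issuer appends a Luhn check digit to a numeric salt delivered out of band, and the UA validates what the user types before storing it per form URL and input id. The names `SaltStore`, `withCheckDigit` and `luhnValid`, the mandatory id, and the URL-plus-id storage key are assumptions; the Luhn digit only catches typing errors and adds no secrecy.

```javascript
// Added example; all names and sample values here are constructed.
function luhnSum(digits, doubleFirst) {
  // Walk right to left, doubling every second digit (9 is subtracted
  // from two-digit products, which equals summing their digits).
  let sum = 0;
  let dbl = doubleFirst;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    dbl = !dbl;
  }
  return sum;
}

// UA side: accept only digit strings whose Luhn sum is a multiple of 10.
function luhnValid(salt) {
  return /^\d{2,}$/.test(salt) && luhnSum(salt, false) % 10 === 0;
}

// Issuer side: append the check digit before mailing the salt.
function withCheckDigit(payload) {
  if (!/^\d+$/.test(payload)) throw new TypeError("digits only");
  return payload + String((10 - (luhnSum(payload, true) % 10)) % 10);
}

class SaltStore {
  constructor() { this.salts = new Map(); }

  // Assumption: an input is identified by form URL (query dropped) plus id.
  static key(formUrl, inputId) {
    if (!inputId) throw new Error("input needs an id to be identified");
    const u = new URL(formUrl);
    return `${u.origin}${u.pathname}#${inputId}`;
  }

  // askUser() is called only the first time a given input is seen.
  getSalt(formUrl, inputId, askUser) {
    const k = SaltStore.key(formUrl, inputId);
    if (this.salts.has(k)) return this.salts.get(k);
    const typed = String(askUser()).replace(/[\s-]/g, "");
    if (!luhnValid(typed)) throw new RangeError("salt failed Luhn check");
    this.salts.set(k, typed); // stored only after validation
    return typed;
  }
}
```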