- From: Guru Partap Khalsa <horus.scope@gmail.com>
- Date: Sat, 6 Oct 2018 15:51:41 -0700
- To: public-webapps@w3.org
Received on Saturday, 6 October 2018 22:52:17 UTC
Presently, to encrypt a password type input without javascript, we are forced to trust a server-side script. So that for example, the client is actually required to trust the remote server with their password unnecessarily. If there were some standard which defined a way in which <input type="password"> were automatically encrypted with sha and salted with the present domain, it would mean that the server can't ever see the user's password. That way, we can make login systems which can't be compromised under any circumstances.
Received on Saturday, 6 October 2018 22:52:17 UTC