W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2018

Re: Browser side form encryption

From: Guru Partap Khalsa <horus.scope@gmail.com>
Date: Sun, 7 Oct 2018 10:43:16 -0700
Message-ID: <CALjRnZddqJEeGXh1RBJRehq0x8aws-eEvjw1r1CtpNzpdND2Tw@mail.gmail.com>
To: public-webapps@w3.org
It is a shame that if you changed your domain you would have to force users
to reset their passwords. I did mean hash and not encrypt, that was my
mistake; the salt (which could optionally have a server generated salt on
top of that) was intended to prevent the server from being able to replay
your password to other servers. I'm glad this area of the internet is more
insightful and understanding toward security analysis than the rest of the
general public spaces such as stack exchange, where this inquiry and many
others are met with random hostility and ignorance.
Received on Sunday, 7 October 2018 17:43:51 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:15:20 UTC