- From: Guru Partap Khalsa <horus.scope@gmail.com>
- Date: Sun, 7 Oct 2018 10:43:16 -0700
- To: public-webapps@w3.org
Received on Sunday, 7 October 2018 17:43:51 UTC
It is a shame that if you changed your domain you would have to force users to reset their passwords. I did mean hash and not encrypt, that was my mistake; the salt (which could optionally have a server generated salt on top of that) was intended to prevent the server from being able to replay your password to other servers. I'm glad this area of the internet is more insightful and understanding toward security analysis than the rest of the general public spaces such as stack exchange, where this inquiry and many others are met with random hostility and ignorance.
Received on Sunday, 7 October 2018 17:43:51 UTC