Re: Browser side form encryption

I wrote about this a few years ago.

For example, using something like
`input type="password" encrypt="bcrypt" salt="abc..." rounds="4"

There is discussion in the comments about the disadvantages and
practicalities of this approach.

I still think it would be an interesting idea - but I'm sit sure if it
solves the problem.

On Sun, 7 Oct 2018, 18:46 Guru Partap Khalsa, <> wrote:

> It is a shame that if you changed your domain you would have to force
> users to reset their passwords. I did mean hash and not encrypt, that was
> my mistake; the salt (which could optionally have a server generated salt
> on top of that) was intended to prevent the server from being able to
> replay your password to other servers. I'm glad this area of the internet
> is more insightful and understanding toward security analysis than the rest
> of the general public spaces such as stack exchange, where this inquiry and
> many others are met with random hostility and ignorance.
*Terence Eden*
Open Standards
+44 7717 512 963 <+447717512963>
Government Digital Service

View my calendar

Received on Monday, 8 October 2018 05:59:26 UTC