- From: James Graham <jgraham@opera.com>
- Date: Mon, 20 Jun 2011 10:40:20 +0200
On 06/17/2011 08:34 PM, Aryeh Gregor wrote:
> On Thu, Jun 16, 2011 at 5:39 PM, Daniel Cheng <dcheng at chromium.org> wrote:
>> A variation of this idea has been proposed in the past but was largely seen
>> as undesirable--see
>> http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2010-May/026254.html. In
>> general, I feel like the same objections are still true of this proposal.
>
> This proposal is considerably better formulated than that one was.
> But yes, in the end, the only real benefit is that the user can
> confirm that their original plaintext password can only be retrieved
> by brute-forcing the hash, which protects them only against reuse of
> the password on different sites. So on consideration, it will
> probably lead more to a false sense of security than an actual
> increase in security, yes. It no longer seems like a good idea to me.

FWIW I disagree. The same argument could be used against client-side form validation since some authors might stop doing proper server-side validation. But, as in that case, there are definite end user benefits -- I consider limiting the scope of attacks to just a single site even in the face of password reuse to be a substantial win -- and the authors who are most likely to get the server-side wrong are the same ones who are already storing passwords in plain text.
Received on Monday, 20 June 2011 01:40:20 UTC
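The per-site scoping argued over above, worked through as an added example (not code from the thread or from any browser): the client derives a site-specific value from the password using the origin as salt, so a value leaked from one site is useless at another, while the server still salts and hashes what it receives because that value is a password-equivalent for its own site. The PBKDF2 parameters, origins and password are assumed for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters (not from the thread): PBKDF2-HMAC-SHA256 with the
# site origin as the salt, so one plaintext password yields an unrelated
# value for every site.
ITERATIONS = 100_000


def derive_site_credential(password: str, origin: str) -> bytes:
    """Client side: what the browser would submit instead of the plaintext.
    The origin is the salt, so the original password is only recoverable
    by brute-forcing this value, and the value itself is tied to one site."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), origin.encode(), ITERATIONS)


def server_register(store: dict, origin: str, credential: bytes) -> None:
    """Server side: the submitted credential is still a password-equivalent
    for this site, so it is salted and hashed again before storage.
    The store is a toy keyed by origin (one user per site)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", credential, salt, ITERATIONS)
    store[origin] = (salt, digest)


def server_verify(store: dict, origin: str, credential: bytes) -> bool:
    """Constant-time comparison against the stored salted digest."""
    salt, digest = store[origin]
    candidate = hashlib.pbkdf2_hmac("sha256", credential, salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def reuse_demo(password: str = "correct horse battery staple") -> dict:
    """Same password registered at two (constructed) sites; show that a
    credential taken from site A does not log in at site B."""
    site_a, site_b = "https://a.example", "https://b.example"
    cred_a = derive_site_credential(password, site_a)
    cred_b = derive_site_credential(password, site_b)
    store = {}
    server_register(store, site_a, cred_a)
    server_register(store, site_b, cred_b)
    return {
        "credentials_differ": cred_a != cred_b,
        "login_a_ok": server_verify(store, site_a, cred_a),
        "leaked_a_works_at_b": server_verify(store, site_b, cred_a),
    }
```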