- From: David Woolley <forums@david-woolley.me.uk>
- Date: Wed, 21 Jul 2021 23:43:20 +0100
- To: www-html@w3.org
On 21/07/2021 23:07, Patrick H. Lauke wrote: > > But doing that, the site just revelaed their salt to the world, so > anybody who manages to get hold of the user database can crack it with > far greater ease. That's not what is being suggested. The suggestion is for those (basically everyone these days) that doesn't actually use HTTP authentication, that the input element should provide something analogous to WWW-Authenticate: with digest authentication. What was called salt isn't stored in password file, but is what is usually called a nonce, and is a short lived random challenge.
Received on Wednesday, 21 July 2021 22:44:15 UTC