Don't ask to ask, just ask | |
PerlMonks |
Re: Re: Web based password management (or how *not* to blame tye)by maverick (Curate) |
on Mar 24, 2002 at 21:43 UTC ( [id://153941]=note: print w/replies, xml ) | Need Help?? |
um...ya..duh. Pardon the blonde moment. I was thinking of a different scheme and combined two. The javascript md5 thing would work if you sent along a random salt into the login page, then the password (or the md5 crypted password) is crypted with this salt and then sent to the server. Thus capturing it wouldn't do any good, since to login again, there would be a different salt.
Better?
/\/\averick
In Section
Meditations
|
|