Your skill will accomplish what the force of many cannot |
|
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Passing the password as an MD5 hash
isn't any better than passing it in the clear,
if it weren't done over SSL. Just thought I'd
point it out and make it explicit.
I've done something similar in the past. If we wanted to be truly paranoid we'd implement S/Key. (I wish I had my JavaScript S/Key implementation working, maybe someday...). UPDATE: Some reading on S/Key; RFC 1938, RFC 2289
-- In reply to Re: Web based password management (or how *not* to blame tye)
by belg4mit
|
|