PerlMonks
Re: Web based password management (or how *not* to blame tye)
by belg4mit (Prior) on Mar 24, 2002 at 20:47 UTC ( [id://153934]=note )
Passing the password as an MD5 hash isn't any better than passing it in the clear, if it weren't done over SSL. Just thought I'd point it out and make it explicit.
I've done something similar in the past. If we wanted to be truly paranoid we'd implement S/Key. (I wish I had my JavaScript S/Key implementation working, maybe someday...). UPDATE: Some reading on S/Key; RFC 1938, RFC 2289
--
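The point made in the post above, as an added example that is not part of the original post: a static MD5 of the password is accepted again when re-sent, just like the password itself, while an S/Key-style hash-chain value is accepted only once. The chain here is simplified (SHA-256 over hex strings, not the RFC 2289 encoding), and all function names and sample values are constructed for illustration.

```javascript
// Added illustration; names and sample values are constructed, not from the post.
const { createHash } = require('node:crypto');
const hash = (alg, data) => createHash(alg).update(data).digest('hex');

// Scheme 1: the client sends MD5(password); the server compares it to a stored MD5.
// The value on the wire never changes, so it is password-equivalent.
function makeStaticServer(password) {
  const stored = hash('md5', password);
  return { login: (sent) => sent === stored };
}

// Scheme 2: S/Key-style chain (simplified). Returns H^n(seed + secret).
function chain(secret, seed, n) {
  let v = seed + secret;
  for (let i = 0; i < n; i++) v = hash('sha256', v);
  return v;
}

function makeOtpServer(secret, seed, n) {
  let stored = chain(secret, seed, n); // server keeps only H^n, never the secret
  let counter = n;
  return {
    challenge: () => ({ seed, count: counter - 1 }),
    login(sent) {
      // Refuse at the end of the chain: the next preimage would be the secret itself.
      if (counter <= 1 || hash('sha256', sent) !== stored) return false;
      stored = sent; // the next login must present the preimage of this value
      counter -= 1;
      return true;
    },
  };
}

function demo() {
  const password = 'constructed-sample-passphrase';
  const staticServer = makeStaticServer(password);
  const wireValue = hash('md5', password); // what crosses the network each time
  const staticFirst = staticServer.login(wireValue);
  const staticReplay = staticServer.login(wireValue); // same bytes, sent again

  const otpServer = makeOtpServer(password, 'seed01', 100);
  const c1 = otpServer.challenge();
  const otp1 = chain(password, c1.seed, c1.count);
  const otpFirst = otpServer.login(otp1);
  const otpReplay = otpServer.login(otp1); // same value, sent again
  const c2 = otpServer.challenge();
  const otpNext = otpServer.login(chain(password, c2.seed, c2.count));
  return { staticFirst, staticReplay, otpFirst, otpReplay, otpNext };
}
```

The chain only addresses replay of a captured login value; the exchange still needs an authenticated, encrypted channel such as the SSL the post mentions.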