Boris Zbarsky wrote: > > So the .value of this input would already be hashed? Otherwise, this > argument fails: the page can just grab the value and do whatever it > wants with it.
This question is covered by my initial posting :). Please reread it, it should actually answer most/all questions. If not please let me know. But basically this is still to be discussed but personally I'd tend to say have it hashed. > > Weak encryption is almost worse than none: it provides a false sense of > safety without an appreciable increase in security... Thats why I wrote semi-encryption as it is no encryption but a hashing, which cannot be reversed/decrypted by concept. Hence no weak encryption. Alexander _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
