Reusing passwords requires the users to know that the encryption is of a safe variety. Most users are not qualified to tell good crypto from bad crypto. Heck, most programmers can't be qualified to use good cypto correctly.
Password Encryption done client-side must be handled very carefully to avoid replay attacks yet still actually validate something. Sounds like a half-hearted attempt at Challenge-response. tl;dr No. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
