Hello all,
On Wednesday 27 October 2010 16:15:35 Dave wrote: > (...) I encrypt the passwords in the browser (using the > same algorithm) and always transmit an encrypted password. There's no > place to peek. (...) I believe you mean `I take a hash of password and some salt in the browser and always transmit the hash' (or better, `I use HMAC')... Otherwise the owner of the process could still trace it to recover the passwords, coudn't he? -- dexen deVries ``One can't proceed from the informal to the formal by formal means.'' -- UNSUBSCRIBE: mailto:picol...@software-lab.de?subject=unsubscribe