MD5's potential for collisions doesn't significantly compromise its
use in this application though, does it?  Even SSL uses MD5, and if
it's good enough for SSL...

Digest authentication does not require you to store passwords in
plaintext.  You only need to store the hash of
"username:realm:password".

I have the AJAX login thing sitting somewhere on one of my hard
drives; I'll try to dig it out and put it online.

On Oct 22, 7:51 am, "Aaron Swartz" <[EMAIL PROTECTED]> wrote:
> > A lot of smart people worked hard on creating the digest
> > authentication standard.
>
> It still has the problems I mentioned, right: a) it uses the broken
> MD5 hash, b) it requires passwords to be stored in cleartext.
>
> Do you have a demo of the AJAX thing somewhere?
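The storage point made in the reply above (keep only the hash of "username:realm:password"), as an added Python example that is not part of the original thread or of web.py. The function names and the in-memory store are hypothetical; the sample values are the published example from RFC 2617, and only qop=auth is handled.

```python
import hashlib
import hmac


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def make_ha1(username, realm, password):
    """Value stored at enrollment; the plaintext password is not kept."""
    return md5_hex(f"{username}:{realm}:{password}")


def expected_response(ha1, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 request-digest for qop=auth, computed from HA1 alone."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(store, realm, method, auth):
    """Check already-parsed Authorization fields against the stored HA1.

    Nonce freshness and nc replay tracking are required in a real server
    and are left out here.
    """
    ha1 = store.get((auth.get("username"), realm))
    if ha1 is None or auth.get("realm") != realm or auth.get("qop") != "auth":
        return False
    try:
        want = expected_response(ha1, method, auth["uri"], auth["nonce"],
                                 auth["nc"], auth["cnonce"])
    except KeyError:
        return False
    got = str(auth.get("response", ""))
    return hmac.compare_digest(want.encode(), got.encode())


# Sample data: the example exchange printed in RFC 2617.
REALM = "testrealm@host.com"
STORE = {("Mufasa", REALM): make_ha1("Mufasa", REALM, "Circle Of Life")}
SAMPLE_AUTH = {
    "username": "Mufasa", "realm": REALM, "uri": "/dir/index.html",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "qop": "auth",
    "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    print(verify(STORE, REALM, "GET", SAMPLE_AUTH))
```

Because `verify` never needs the password, the stored HA1 is itself sufficient to produce valid responses for that realm, so the HA1 table needs the same protection as a password file.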