On 10 Nov 2005, at 5:47 PM, Rafa Couto wrote:
It is possible to secure sending of password using md5 hashes on the client side using javascript.
A good example and explanation of this could be found at http://pajhome.org.uk/crypt/md5/auth.html
Have you tested it with charset cases? Does JS show same MD5 value in UTF-8 as in ISO-X-Y charsets? It could result in a crash test...
I think that JS hashing gives more problems than benefits. Maybe a virtual keyboard to avoid keyloggers... Yeah, that would be cool.
Something my bank does as well, is have me set up a password, and it only asks me <x> random characters out of however many letters it is. This is an extra password, over and above the account pin number. They also have a keypad for typing in the account number / pin, on the page before this.

--
Adrian Rossouw
Drupal developer and Bryght Guy
http://drupal.org | http://bryght.com
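The charset question raised in the thread, as an added example that is not part of any message or of the linked page: MD5 operates on bytes, so the same password hashes differently when encoded as UTF-8 or as ISO-8859-1, and one way to avoid the mismatch is to fix a canonical encoding on both sides. It assumes Node.js and its built-in `crypto` module; the function names and sample passwords are constructed for illustration.

```javascript
// Added example: constructed inputs, hypothetical helper names.
const crypto = require('crypto');

// MD5 is defined over bytes, so the digest depends on the string's encoding.
function md5Hex(bytes) {
  return crypto.createHash('md5').update(bytes).digest('hex');
}

// Hash the password as it would be encoded under the given charset.
// 'latin1' is Node's name for ISO-8859-1; 'utf8' is UTF-8.
function md5OfPassword(password, charset) {
  return md5Hex(Buffer.from(password, charset));
}

// Canonical form client and server can agree on: Unicode NFC, then UTF-8.
function canonicalMd5(password) {
  return md5Hex(Buffer.from(password.normalize('NFC'), 'utf8'));
}

// Digests of one password under both charsets, for side-by-side comparison.
function compare(password) {
  return {
    utf8: md5OfPassword(password, 'utf8'),
    latin1: md5OfPassword(password, 'latin1'),
  };
}

// Constructed sample passwords.
const ascii = 'password123';
const accented = 'contrase\u00f1a';     // precomposed n-with-tilde
const decomposed = 'contrasen\u0303a';  // same text as n + combining tilde

const a = compare(ascii);
const b = compare(accented);

// Pure ASCII encodes to the same bytes in both charsets, so the digests match.
console.log('ascii digests match:', a.utf8 === a.latin1);
// One non-ASCII character is 1 byte in ISO-8859-1 and 2 in UTF-8: mismatch.
console.log('accented digests match:', b.utf8 === b.latin1);
// Even within UTF-8, two Unicode spellings of the same text hash differently
// unless both sides normalize first.
console.log('raw utf8 match:',
  md5OfPassword(accented, 'utf8') === md5OfPassword(decomposed, 'utf8'));
console.log('canonical match:',
  canonicalMd5(accented) === canonicalMd5(decomposed));
```
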