On 9 Nov 2005 11:49:36 -0500, Pat Collins <pat@linuxcolumbus.com> wrote:
On Wed, 9 Nov 2005 11:40:11 -0500, Khalid B <kb@2bits.com> wrote :
This doesn't even begin to address spyware/keyloggers. The the only solution is ssl/tls since you are still sending the data in clear text over an unsecured network. But even in that case a locally installed keylogger will get your passwords no matter what.
Spyware keyloggers will still compromise passwords even if SSL is used, since they are a local thing on the PC that captures keystroke.
SSL is no solution to that.
Didn't I just say that? If not I meant too. :)
So here is my vote no vote for MD5 via javascript.
Well, it sounded like you were criticizing the SSL solution vecause it does not address keyloggers. I was saying that it will not (nothing so far protects from a local infection). So we are in agreement, and I apologize.