9 Nov
2005
9 Nov
'05
5:40 p.m.
This doesn't even begin to address spyware/keyloggers. The the only solution is ssl/tls since you are still sending the data in clear text over an unsecured network. But even in that case a locally installed keylogger will get your passwords no matter what.
Spyware keyloggers will still compromise passwords even if SSL is used, since they are a local thing on the PC that captures keystroke. SSL is no solution to that.