[drupal-devel] Securing Login: MD5 password hashing
pat at linuxcolumbus.com
Tue Nov 8 17:29:56 UTC 2005
On Tue, 8 Nov 2005 18:14:58 +0100, =?ISO-8859-1?Q?Konstantin_K=E4fer?=
<kkaefer at gmail.com> wrote :
> Why should sending the password hashed increase security? Just get the
> hashed password and provide that to the script (of course not by
> entering it in the password field but by "faking" the HTTP POST
> The only way to protect the password is using SSL or TLS.
True, but not everybody can use ssl/tls. What about some kind of
authentication checking where the site would keep track of where you have
logged in from and upon detection of a change would prompt you with a
question that only you would know or send you an email that you would have
to respond to before you could gain access?
More information about the development