[drupal-devel] Securing Login: MD5 password hashing using javascript

Moshe Weitzman weitzman at tejasa.com
Tue Nov 8 18:58:47 UTC 2005

Konstantin Käfer wrote:
> Hello,
> Why should sending the password hashed increase security? Just get the
> hashed password and provide that to the script (of course not by
> entering it in the password field but by "faking" the HTTP POST
> values).

the opriginal post already covered this. see below.

>>>While an attacker can still use it for logging in to the drupal site
>>>this prevents to reuse the password on other sistems where the user
>>>has an account.

More information about the development mailing list