[development] Securing Login: MD5 password hashing using javascript

Khalid B kb at 2bits.com
Wed Nov 9 16:40:11 UTC 2005

> This doesn't even begin to address spyware/keyloggers.  The the only
> solution is ssl/tls since you are still sending the data in clear text over
> an unsecured network.  But even in that case a locally installed keylogger
> will get your passwords no matter what.

Spyware keyloggers will still compromise passwords even if SSL is
used, since they are a local thing on the PC that captures keystroke.

SSL is no solution to that.

More information about the development mailing list