[development] Securing Login: MD5 password hashing
using javascript
Pat Collins
pat at linuxcolumbus.com
Wed Nov 9 16:49:36 UTC 2005
On Wed, 9 Nov 2005 11:40:11 -0500, Khalid B <kb at 2bits.com> wrote :
> > This doesn't even begin to address spyware/keyloggers. The the only
> > solution is ssl/tls since you are still sending the data in clear text over
> > an unsecured network. But even in that case a locally installed keylogger
> > will get your passwords no matter what.
>
> Spyware keyloggers will still compromise passwords even if SSL is
> used, since they are a local thing on the PC that captures keystroke.
>
> SSL is no solution to that.
>
Didn't I just say that? If not I meant too. :)
So here is my vote no vote for MD5 via javascript.
Pat
More information about the development
mailing list