Timeline for Why almost no webpages hash passwords in the client before submitting (and hashing them again on the server), as to "protect" against password reuse?
Current License: CC BY-SA 3.0
2 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| May 17, 2011 at 20:13 | comment | added | x4u | While client certificates are a reasonable approach for some use cases, they are not something that can be added easily to a website login. They require a great deal of cooperation from the users and depend on how secure the users private key is. The usage of a private key can be either secure or convenient but not both at the same time. | |
| May 17, 2011 at 16:32 | history | answered | Michael Brown | CC BY-SA 3.0 |