Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror

Comment Re:His Password Comment (Score 1) 147

by Lost my low ID nick (#21587369) Attached to: Freakonomics Q&A With Bruce Schneier

But here's the idea. Let the browser perform the one-way hashing. You enter your password, the browser hashes it, and the hashed value is sent to the site.

It's called "Digest Auth" and has been in browsers for quite some time now. In fact, even non browser http-using tools like wget or subversion or basically and file manager using WebDAV support it. I know of no web server that doesn't support it, too.

It's not supported in html forms, though, and as everybody has to have nifty login forms instead of http auth, which is so web 1.0, we all fall back to plain text passwords, even here on slashdot, a geek site. :-(. I once saw a site that encrypted the password with RSA in JavaScript before sending it, the first security enhancing use of JS I saw to that day. They had a little sleep call in there, too, to make it feel more secure to the user ("Ugh, encrypting... please wait... oh, this is hard work... ugh...")
Microsoft

Submission + - Microsoft launches open source site (microsoft.com)

Submitted by
prostoalex
prostoalex writes: "Microsoft launched a site dedicated to collaboration between Microsoft and open source community. The site helps developers, IT administrators, and IT buyers find out what Microsoft's product offerings are, and read articles about open source such as "Open Source Provider Sees Sales Doubling After Moving Solutions to the Windows Platform.""

Slashdot Top Deals

Every young man should have a hobby: learning how to handle money is the best one. -- Jack Hurley

Close