Re: Client side password encryption

by howard chen :: Rate this Message:

On Sun, Mar 16, 2008 at 5:27 PM, Viper007Bond <viper@...> wrote:
> So I've been playing around with
> http://wordpress.org/extend/plugins/semisecure-login/
>

Personally, even if you encrypt the password at client side using md5,
it is still subject to replay attack.

A better system would be: http://pajhome.org.uk/crypt/md5/auth.html

Howard
_______________________________________________
wp-hackers mailing list
wp-hackers@...
http://lists.automattic.com/mailman/listinfo/wp-hackers