Another Distributed Password System
    Ask Bjørn Hansen 
    ask at develooper.com
       
    Thu May 19 20:14:51 PDT 2005
    
    
  
On May 19, 2005, at 17:48, <brian at suda.co.uk> wrote:
> the site i wanted to login to would fetch my xml file and parse it.  
> Then it would see type="text/sha1". It would then proceed to hash  
> my plain-text password. If that sha1(plain-text) = XML li node  
> value, then i have proven something only i would know.
Unless I misunderstand you then the site you just authenticated with  
would then know your password too and could go use it somewhere else....
  - ask
-- 
http://www.askbjoernhansen.com/
    
    
More information about the yadis
mailing list