Another Distributed Password System

Ask Bjørn Hansen ask at
Thu May 19 20:14:51 PDT 2005

On May 19, 2005, at 17:48, <brian at> wrote:

> The site I wanted to log in to would fetch my XML file and parse it.
> Then it would see type="text/sha1". It would then proceed to hash
> my plain-text password. If that sha1(plain-text) = XML li node
> value, then I have proven something only I would know.

Unless I misunderstand you, the site you just authenticated with
would then know your password too and could go use it somewhere else...

  - ask
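
The flow described in the quoted message, together with the concern raised in the reply, as an added example that is not part of the original thread. The profile layout, site names and sample password are constructed; only the `li` node with `type="text/sha1"` comes from the post.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

PASSWORD = "correct horse battery staple"  # constructed sample secret

# Constructed profile document; only <li type="text/sha1"> is taken from the post.
PROFILE_XML = (
    '<profile><ul><li type="text/sha1">'
    + hashlib.sha1(PASSWORD.encode()).hexdigest()
    + "</li></ul></profile>"
)


def published_sha1(profile_xml):
    """Return the hex digest from the first <li type="text/sha1"> node."""
    for node in ET.fromstring(profile_xml).iter("li"):
        if node.get("type") == "text/sha1":
            return (node.text or "").strip().lower()
    raise ValueError("no text/sha1 node in profile")


class RelyingSite:
    """A site that verifies a login the way the quoted message describes."""

    def __init__(self, name):
        self.name = name
        self.seen = []  # every plaintext this site was handed

    def login(self, profile_xml, plaintext):
        # The user has to send the plaintext so the site can hash it itself.
        self.seen.append(plaintext)
        digest = hashlib.sha1(plaintext.encode()).hexdigest()
        return hmac.compare_digest(digest, published_sha1(profile_xml))


def demo():
    site_a, site_b = RelyingSite("a.example"), RelyingSite("b.example")
    ok_user = site_a.login(PROFILE_XML, PASSWORD)
    # site_a now holds the same secret that site_b will accept.
    ok_replay = site_b.login(PROFILE_XML, site_a.seen[-1])
    ok_wrong = site_b.login(PROFILE_XML, "guess")
    return ok_user, ok_replay, ok_wrong


if __name__ == "__main__":
    print(demo())
```

The check itself is sound (a wrong password is rejected), but the value that proves identity is handed in full to every site that performs it.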


