Another Distributed Password System
Ask Bjørn Hansen
ask at develooper.com
Thu May 19 20:14:51 PDT 2005
On May 19, 2005, at 17:48, <brian at suda.co.uk> wrote:
> the site i wanted to login to would fetch my xml file and parse it.
> Then it would see type="text/sha1". It would then proceed to hash
> my plain-text password. If that sha1(plain-text) = XML li node
> value, then i have proven something only i would know.
Unless I misunderstand you then the site you just authenticated with
would then know your password too and could go use it somewhere else....
- ask
--
http://www.askbjoernhansen.com/
More information about the yadis
mailing list