[Project_owners] Creating applications with Mozilla

WC Leung lwchk2001 at yahoo.com.hk
Thu Aug 25 00:26:45 EDT 2005


I think that dictionary attack is still not possible if you use a good 
password. BTW, it is susecptible to replay attacks if the hash is not 
formed using a salt.

Eric Jung wrote:
> True about Yahoo, but as I wrote before--if you look at the HTML of
> mail.yahoo.com, you will see JavaScript which MD-5 hashes your
> password before submitting it over HTTP. This "hides" your password
> to snoopers, although it is susecptible to dictionary attacks. Gmail
> does use SSL for login; not why you said they don't?
> 


More information about the Project_owners mailing list