[Project_owners] Creating applications with Mozilla
lwchk2001 at yahoo.com.hk
Thu Aug 25 00:26:45 EDT 2005
I think that dictionary attack is still not possible if you use a good
password. BTW, it is susecptible to replay attacks if the hash is not
formed using a salt.
Eric Jung wrote:
> True about Yahoo, but as I wrote before--if you look at the HTML of
> password before submitting it over HTTP. This "hides" your password
> to snoopers, although it is susecptible to dictionary attacks. Gmail
> does use SSL for login; not why you said they don't?
More information about the Project_owners