defunct (thegreatdark) wrote in lj_dev,

MD5 hashes vs plaintext passwords

Is it possible to create MD5 hashes on a Windows C++ client, example being the LiveJournal client?

If so, would it not make more sense to send the MD5 hash over HTTP POST (to log in, etc.) instead of the plaintext password? (I'm assuming plaintext; I'm damn sure it's plaintext)

Bad examples being -- someone accesses their LiveJournal on company time. Net admin sees this and forwards it to whoever. They, in turn, delete the person's LiveJournal. I mean, that's an extreme scenario, but it could happen. (Though chances are they'd fire someone before doing that)

I've heard numerous accounts of people saying their boss / company made them delete their LiveJournal. If the company could do it on their own...

Not to mention general security. Packet sniffers are no man's friend. (Well, unless I want your password, but that's a different story, isn't it?)
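The trade-off the post asks about, as an added example that is not part of the original post or of LiveJournal's code: a toy server that accepts either a bare MD5(password) or a response bound to a one-time challenge. The example goes beyond the post by adding the server-issued challenge; the `Server` class, its method names and the sample password are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

PASSWORD = "correct horse"  # constructed sample value


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


class Server:
    """Toy login server (hypothetical) that stores MD5(password)."""

    def __init__(self, stored_hash: str):
        self.stored_hash = stored_hash
        self.open_challenges = set()

    def login_static(self, sent_hash: str) -> bool:
        # Scheme A: the client POSTs MD5(password); the hash is the credential.
        return hmac.compare_digest(sent_hash, self.stored_hash)

    def new_challenge(self) -> str:
        challenge = secrets.token_hex(16)
        self.open_challenges.add(challenge)
        return challenge

    def login_challenge(self, challenge: str, response: str) -> bool:
        # Scheme B: each challenge is accepted once, then discarded.
        if challenge not in self.open_challenges:
            return False
        self.open_challenges.discard(challenge)
        expected = md5_hex(challenge + self.stored_hash)
        return hmac.compare_digest(response, expected)


def demo() -> dict:
    server = Server(md5_hex(PASSWORD))
    wire_static = md5_hex(PASSWORD)  # what crosses the wire in scheme A
    c1 = server.new_challenge()
    wire_resp = md5_hex(c1 + md5_hex(PASSWORD))  # scheme B client reply
    out = {
        "static_login": server.login_static(wire_static),
        "static_replay": server.login_static(wire_static),  # same bytes again
        "challenge_login": server.login_challenge(c1, wire_resp),
        "challenge_replay": server.login_challenge(c1, wire_resp),
    }
    out["stale_response"] = server.login_challenge(server.new_challenge(), wire_resp)
    return out
```

In scheme A the hash keeps the plaintext off the wire but is accepted again whenever the same bytes are resent, so it works as the password; in scheme B a recorded response is rejected once its challenge is spent. Neither scheme encrypts the session or stops offline guessing against recorded values, which transport encryption (HTTPS) addresses.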

