Hacker News

Can you explain what you feel is foolish about encrypting passwords on top of SSL?


If your SSL is compromised, the attacker can insert JavaScript to send the unencrypted password somewhere else.

That is why security experts like tpacek have repeatedly said JS encryption schemes aren't secure.


Why do you say an SSL compromise necessarily means the attacker can manipulate the connection? And what about a promise between the SSL endpoint and the database?



