Hacker News new | ask | show | jobs
by k3d3 3910 days ago
It mitigates passive MITM attacks, for one.

On the other hand, there's nothing that's made _worse_ by choosing to do it that way. Plenty of things that are the same, some things better, but nothing worse.
1 comments
Stefan-H 3910 days ago
Hardly - if you are not using HTTPS in the first place then sending the hash across the wire instead of the password are the least of your worries.
link