|
|
|
|
|
|
by RupertWiser
1984 days ago
|
|
|
I kept reading waiting for the author to address man in the middle attacks but no mention. This adds no additional security. You can easily provide your own keys or JavaScript and completely bypass this. Like others have suggested, I get the impression this system is assuming TLS will work and perhaps isn’t trusting the server the password ends up on. |
|
|