by teraflop 4367 days ago
Sure, and any sane implementation of BitAuth should use SSL.

The point I'm trying to make is that if you can trust SSL to protect a BitAuth signature, you can also trust it to protect a password. So claiming "passwords may travel over plaintext" as a relative advantage of this scheme is disingenuous; in both cases, you need to provide that protection at a lower protocol level.