[wp-hackers] Client side password encryption

Viper007Bond viper at viper007bond.com
Mon Mar 17 08:25:51 GMT 2008


Never mind about this whole thread. I don't think it's possible as, while I
don't know about migrated passwords, I believe all post-2.5 passwords will
be encrypted without ever touching MD5. Just a direct password -> phpass, and
replicating phpass with JS doesn't look easy or like a good idea.

Obscuring a base64 encoded string also won't work because the server has to
tell the client how to obscure it which someone could easily intercept and
then use to fix the malformed hash and then decode it.

Oh well. I guess it's either SSL or nothing.

-- 
Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/
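
The point of the second paragraph above, as an added example that is not part of the original message or of WordPress: a constructed toy obscuring scheme, written for Node.js (the XOR-mask-plus-rotation scheme and the names serverIssueScheme, clientObscure, undo and simulateLogin are assumptions made for illustration). It shows that everything the server needs to undo the obscuring also crosses the wire, so an observer of the plain-HTTP exchange recovers the same password the server does.

```javascript
// Added illustration (constructed toy scheme, not WordPress code).

// Server: choose per-login obscuring instructions. Without SSL they reach the
// browser in the clear, so the quality of the randomness does not matter here.
function serverIssueScheme() {
  const mask = Array.from({ length: 8 }, () => Math.floor(Math.random() * 256));
  return { rotate: 1 + Math.floor(Math.random() * 15), mask };
}

// Browser: base64-encode the password, then "malform" it as instructed
// (XOR with the mask, then rotate left by `rotate` bytes).
function clientObscure(password, scheme) {
  const b64 = Buffer.from(password, 'utf8').toString('base64');
  const x = Buffer.from(b64, 'latin1').map((b, i) => b ^ scheme.mask[i % scheme.mask.length]);
  const r = scheme.rotate % x.length;
  return Buffer.concat([x.subarray(r), x.subarray(0, r)]).toString('hex');
}

// Undo: rotate right, XOR again, base64-decode. Inputs are only the blob and
// the scheme, both of which crossed the network.
function undo(blobHex, scheme) {
  const y = Buffer.from(blobHex, 'hex');
  const cut = y.length - (scheme.rotate % y.length);
  const x = Buffer.concat([y.subarray(cut), y.subarray(0, cut)]);
  const b64 = Buffer.from(x.map((b, i) => b ^ scheme.mask[i % scheme.mask.length]));
  return Buffer.from(b64.toString('latin1'), 'base64').toString('utf8');
}

// One login over plain HTTP. `wire` is everything a passive observer sees.
function simulateLogin(password) {
  const scheme = serverIssueScheme();
  const wire = [
    JSON.stringify({ from: 'server', scheme }),
    JSON.stringify({ from: 'client', blob: clientObscure(password, scheme) }),
  ];
  const [hello, login] = wire.map((m) => JSON.parse(m)); // observer's copy
  return {
    wire,
    serverRecovers: undo(login.blob, scheme),
    observerRecovers: undo(login.blob, hello.scheme),
  };
}

const demo = simulateLogin('constructed-sample-password');
console.log(demo.wire.join('\n'));
console.log('server  :', demo.serverRecovers);
console.log('observer:', demo.observerRecovers);
```

The observer's result is computed only from the two serialized messages, which is the same information the server itself relies on.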

