Re: New Input type proposal

Alexander Mueller wrote:
> J.O. Aho wrote:
>>
>> As you mentioned your system would prevent the administrator from 
>> knowing your
>> password, then the password has to be hashed already at the site, and
>> therefore the ha****ng has to be the the same in the form as on the 
>> site, or
>> else you would always fail the login or the site has to spend long 
>> time with
>> cracktools to be able to find out the password and then has it the way 
>> it's
>> hashed on the site.
> 
> Sorry I dont really know what you are exactly meaning.
> 
> Again, please reread my initial posting, I guess everything should be 
> clear then :). The system wouldnt know the plain text password (which it

> doesnt need) but only the hash code.

OK, so the password has been left out of the server side entirely. 
Instead, to access the application you need the hash value, and the 
server administrator has access to *that*. So just substitute the word 
"password" for the word "hash" and the server administrator is now able 
to intercept the value of the hash that will give him access to the 
application.

The point of an application storing a hash instead of the original 
password is that it only accepts the password for authentication, 
computing its hash when the it's provided and comparing it with the hash 
it has in its user lookup table. If someone hacks the user table and 
finds the hashes, it won't do the hacker any good because the 
application doesn't provide any interface for accessing the system by 
providing the hash directly. If the hacker submits the hash as though 
it were the password, the application will hash the hash, and the 
computed rehash won't match the stored hash. The application has to see 
the password itself before it will grant access.