Timmmm / OddSocks

A simple SOCKS proxy with simple web-based authentication (like a wifi hotspot).

unencrypted password #2

Open fietronic opened 9 years ago

fietronic commented 9 years ago

You could include a JavaScript SHA-1 function with the httpserver, such as http://www.movable-type.co.uk/scripts/sha1.html#src-code

and have the HTTP server send a randomized salt in the web page, then compute sha1(password+salt) in JavaScript and check it on the server side.

Timmmm commented 9 years ago

Yeah. Still vulnerable to MitM, but that is the best you can do without HTTPS (which is always going to be a massive pain until something like DANE happens).
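
The salted-hash login proposed in this thread, sketched as an added example that is not part of the original issue or of OddSocks' code: the server issues a random single-use salt, the browser submits sha1(password+salt), and the server recomputes and compares. The function names, the 60-second salt lifetime and the sample password are assumptions made for illustration.

```javascript
// Added example; issueChallenge, clientResponse and verifyLogin are hypothetical names.
const crypto = require('node:crypto');

const PASSWORD = 'correct horse'; // constructed sample; the server needs the password itself to recompute the hash
const SALT_TTL_MS = 60_000;       // assumed lifetime of an issued salt
const pending = new Map();        // salt -> expiry time for salts issued but not yet used

// Server: generate the random salt that gets embedded in the login page.
function issueChallenge(now = Date.now()) {
  const salt = crypto.randomBytes(16).toString('hex');
  pending.set(salt, now + SALT_TTL_MS);
  return salt;
}

// Browser side: the value the page's script submits instead of the password.
function clientResponse(password, salt) {
  return crypto.createHash('sha1').update(password + salt).digest('hex');
}

// Server: accept only a salt it issued, only once, and compare in constant time.
function verifyLogin(salt, responseHex, now = Date.now()) {
  const expiry = pending.get(salt);
  pending.delete(salt); // consumed whether the attempt passes or fails
  if (expiry === undefined || now > expiry) return false;
  const expected = Buffer.from(clientResponse(PASSWORD, salt), 'hex');
  const got = Buffer.from(String(responseHex), 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// Walk through a good login, two replays of the sniffed value, and a wrong password.
function demo() {
  const salt = issueChallenge();
  const captured = clientResponse('correct horse', salt); // what a passive sniffer records
  const first = verifyLogin(salt, captured);
  const replaySameSalt = verifyLogin(salt, captured);            // salt already consumed
  const replayNewSalt = verifyLogin(issueChallenge(), captured); // hash bound to the old salt
  const salt2 = issueChallenge();
  const wrongPassword = verifyLogin(salt2, clientResponse('wrong', salt2));
  return { first, replaySameSalt, replayNewSalt, wrongPassword };
}

console.log(demo());
```

A sniffed (salt, hash) pair cannot be replayed, but it can still be used to test password guesses offline, and without HTTPS the page's script itself can be altered in transit, which is the MitM limitation noted in the reply above.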