|File Search||Catalog||Content Search|
Hashing is triggered by prefixing the password with '@@' or by using the shortcut key 'F2'. The password field in focus is replaced by the hash value. Should the site be compromised, the attacker can now only see the hash of the password, not the password itself.
PwdHash does not encrypt passwords, but it makes brute-force attacks much less effective. It also means phishing sites can only steal a hash that's specific to the spoof page and useless on the site being imitated.
pwdhash (1.7-7) unstable; urgency=low * Add bump-maxversion.patch to support Iceweasel/Firefox 3.6. -- Benjamin Drung <firstname.lastname@example.org> Wed, 07 Apr 2010 02:13:52 +0200 pwdhash (1.7-6) unstable; urgency=low * Drop install.rdf.patch and require version 0.19 of mozilla-devscripts. * Bump Standards-Version to 3.8.4 (no changes required). * Switch to dpkg-source 3.0 (quilt) format. -- more»
Format-Specification: http://svn.debian.org/wsvn/dep/web/deps/dep5.mdwn?op=file&rev=59 Name: PwdHash Maintainer: Collin Jackson <email@example.com> Source: http://crypto.stanford.edu/PwdHash/ Files: * Copyright: 2005-2008, Stanford University License: BSD Files: chrome/content/md5.js Copyright: 1999-2002, Paul Johnston License: BSD License: BSD Redistribution and use of this software in more»