Trusting A Million Random Strangers

A proposal for client-side hashing of passwords is making the rounds. Of course, I spoke about this about a decade ago. I then followed it up with a more detailed, browser-integrated suggestion that this should be implemented in the browser, a half a decade ago.

Of course nothing at all has happened on this. People continue to presume that every random site, staffed with people of often dubious talent and unknown morals (it turns out that Ashley Madison was created and managed by a bunch of professional liars! Who would have ever thought…), is trustworthy.

They aren’t. And we have the same outrage every time some fringe site is hacked.