[TYPO3-50-general] Proposal for a RSA authentication provider/mechanism

[Andreas Förthner]

Hi,

I forgot to say that we would have to change every BE Form where you can 
change your password oder create/edit an user account, in a way that 
nowhere are plaintext password sent. My first thought was to create the 
salt and the md5(password+salt) directly on the client via JavaScript, 
as an attacker cannot use this hash and salt for authenticating himself. 
But I'm not sure, if this is really secure. Anyone?

Thanks.

Greets Andi