diff options
author | Azul <azul@leap.se> | 2012-07-03 14:24:17 +0200 |
---|---|---|
committer | Azul <azul@leap.se> | 2012-07-03 14:24:17 +0200 |
commit | 7367bf009d778d96c1c40a20c055bba0596ab2b4 (patch) | |
tree | 74f2786c51d5af9adec4696a459ca485633fcdb5 /example/views/index.erb | |
parent | 458975ce0e17a5d752ac99f68a23236b7f078519 (diff) |
fixed workflow and reduced copy
Diffstat (limited to 'example/views/index.erb')
-rw-r--r-- | example/views/index.erb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/example/views/index.erb b/example/views/index.erb index 24d2501..0ff91e1 100644 --- a/example/views/index.erb +++ b/example/views/index.erb @@ -3,19 +3,19 @@ <div class="span4"> <h2>1. Signup</h2> <p> - First you signup just like normal. Your browser runs a bit of javascript and does not transfer your password but some validator based on it. + Your browser transfers an encrypted verifier based your password. But it does not send the password itself. </p> </div> <div class="span4"> <h2>2. Login</h2> <p> - Login using the same credentials. Again javascript is used to calculate a random number and a key based on it that the server then uses to validate your password. + You enter your password - your browser exchanges encrypted data with the site to check if it was the right one. </p> </div> <div class="span4"> <h2>3. Verify</h2> <p> - The server logs will tell you your password was not transmitted in clear. Never the less the server can determine wether you were authorized. + You can see from the logs that your password was not send. The login process is different each time so it can't be replayed. </p> </div> </div> |