On 2016-11-17 9:28 AM, Pine W wrote:
- If you don't trust that strength testing site (which is fine), choose
another. I did a couple of quick checks on that site; while it's entirely possible that I missed something, it appeared to me that the site was not sending passwords over the Internet, whether in the clear or encrypted. The use of HTTP or HTTPS is irrelevant if the data isn't getting sent out in the first place.
Using HTTP means that a man in the middle could inject a script into these sites that would extract any password entered into them.
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]