Here is a patch to make the settings page more convient to the users what are not openid experts.

Comments

anarcat’s picture

Status: Needs review » Needs work

I agree in principle, I would rephrase a little the message:

This timeout is necessary to ensure proper security of your identities. If an attacker sniffing the network gets a hold of the SHA1 hash and is somehow able to bruteforce it, he can perform a man in the middle attack and access the target site. Since brute force attacks take a long time, this timeout ensures this attack is impracticable.

Also, "Read more" could be "More information about this issue."

aron novak’s picture

StatusFileSize
new1.19 KB
aron novak’s picture

Status: Needs work » Needs review

Thank you for making the text more readable.

anarcat’s picture

Status: Needs review » Reviewed & tested by the community

Thanks. :) I therefore feel this is RTBC.

walkah’s picture

Status: Reviewed & tested by the community » Fixed

committed! thanks guys. :-)

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.