
Like others here have mentioned, what the writer is missing is that when a single solution for creating these hashes is implemented, web-wide, browser-wide, the hashes themselves are equal to the passwords. On this merit alone, the proposal fails.



I'm not sure I understand why that's a failure. My understanding is that's the point: every user now has a password that is unique on a per-domain basis. I don't understand this to be an attempt to protect against the kind of attack that gave access to the Gawker passwords, but rather an attempt to limit the scope of such an attack to only a single site.

If there's something that I'm missing here, can you please elaborate on it?
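An added example (not code from either commenter or from the article under discussion) showing both points of the exchange: the browser derives a per-domain password from a master password, so a value leaked from one site does not log the user in elsewhere; but from the site's perspective that derived value is the password, so the site must still salt and hash it. The derivation (PBKDF2-HMAC-SHA256 keyed on the master password, salted with the normalised domain) and the sample domains are assumptions of this example, not the proposal's actual scheme.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000


def derive_site_password(master: str, domain: str) -> str:
    """Client side: turn the master password into a per-domain password.
    Hypothetical scheme for this example; the domain is the salt, so the
    same master password yields a different value for every site."""
    salt = domain.strip().lower().encode()
    dk = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=24)
    return dk.hex()  # this string is what the browser submits as the password


def store_password(submitted: str) -> dict:
    """Server side: the submitted value IS the password, so the site still has
    to hash it with a per-user random salt before storing it."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", submitted.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify_password(record: dict, submitted: str) -> bool:
    digest = hashlib.pbkdf2_hmac("sha256", submitted.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["hash"])


def breach_reuse_works(master: str, leaked_domain: str, other_domain: str) -> bool:
    """Scenario from the thread: the per-domain password the user submitted to
    leaked_domain is exposed (say the site kept it in plaintext). Does replaying
    it log the user in at other_domain, where the same master password was used?"""
    leaked_site_password = derive_site_password(master, leaked_domain)
    other_record = store_password(derive_site_password(master, other_domain))
    return verify_password(other_record, leaked_site_password)


if __name__ == "__main__":
    # Constructed sample values for a local run.
    print(derive_site_password("correct horse", "gawker.com"))
    print("reuse across sites works:", breach_reuse_works("correct horse", "gawker.com", "example.org"))
```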



