The fact that it is symmetric leads to the problem.
Even if the attacker had fully compromised the server end they get nothing. There's no replay attack. No shared secret they can use to log into another web site. Zero value.
with per-site passphrases there is no cross-site threat. there is replay, as you point out. would be interested to hear smb on this.
Yep. Don't get me wrong, there's an RFC or two here, a few pages of code in web servers and browsers. I am not asserting this is a trivial change that could be made by one guy in a few minutes. However, I am suggesting this is an easy change that could be implemented in weeks not months.
did you say RFC in the same sentence as weeks? but i definitely agree that we should be able to do better than we are now. randy
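The two properties argued over above (a symmetric shared secret reused across sites turns one server compromise into a login at the next site; a challenge signed with a per-user private key gives a compromised server nothing reusable, and a consumed nonce stops replay) can be shown side by side. The following is an added example written for this page, not code from any of the posters, an RFC, or a real browser or server. It assumes a toy but structurally correct Schnorr signature over a prime-order subgroup generated at start-up (a real deployment would use Ed25519 or similar), HMAC-SHA256 for the symmetric scheme, and invented site names and user names.

```python
import hashlib
import hmac
import os
import secrets


# --- Toy Schnorr group (assumption: a 160-bit-order subgroup of a 256-bit prime field,
#     generated on the fly; fine for demonstration, not a production parameter set) ---
def _is_probable_prime(n, rounds=32):
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):  # Miller-Rabin with random bases
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _make_group(qbits=160, pbits=256):
    while True:  # q: prime subgroup order
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if _is_probable_prime(q):
            break
    while True:  # p = k*q + 1 prime, k even so p is odd and p < 2**pbits
        k = 2 * (secrets.randbits(pbits - qbits - 1) | (1 << (pbits - qbits - 2)))
        p = k * q + 1
        if _is_probable_prime(p):
            for h in range(2, 64):
                g = pow(h, k, p)  # h^((p-1)/q) has order q unless it is 1
                if g != 1:
                    return p, q, g


P, Q, G = _make_group()


def _hash_to_scalar(r, msg):
    return int.from_bytes(hashlib.sha256(r.to_bytes(32, "big") + msg).digest(), "big") % Q


def keygen():
    x = secrets.randbelow(Q - 1) + 1  # private key
    return x, pow(G, x, P)            # (private, public)


def sign(x, msg):
    k = secrets.randbelow(Q - 1) + 1
    e = _hash_to_scalar(pow(G, k, P), msg)
    return e, (k + e * x) % Q


def verify(y, msg, sig):
    e, s = sig
    if not (0 <= e < Q and 0 <= s < Q):
        return False
    r = pow(G, s, P) * pow(y, (Q - e) % Q, P) % P  # g^s * y^-e == g^k when honest
    return _hash_to_scalar(r, msg) == e


# --- Symmetric site: the server database holds the shared secret itself ---
class SymmetricSite:
    def __init__(self, site_id):
        self.site_id, self.db = site_id, {}   # user -> shared secret

    def enroll(self, user, shared_secret):
        self.db[user] = shared_secret

    def challenge(self):
        return os.urandom(16)

    def login(self, user, nonce, response):
        return hmac.compare_digest(symmetric_respond(self.db[user], nonce), response)


def symmetric_respond(shared_secret, nonce):
    return hmac.new(shared_secret, nonce, hashlib.sha256).digest()


# --- Asymmetric site: the server holds only public keys; the signed message binds
#     the site id, and each issued nonce may be consumed once (replay rejected) ---
class AsymmetricSite:
    def __init__(self, site_id):
        self.site_id, self.db, self.issued, self.spent = site_id, {}, set(), set()

    def enroll(self, user, pubkey):
        self.db[user] = pubkey

    def challenge(self):
        n = os.urandom(16)
        self.issued.add(n)
        return n

    def login(self, user, nonce, sig):
        if nonce not in self.issued or nonce in self.spent:
            return False  # unknown challenge, or a replayed one
        ok = verify(self.db[user], self.site_id + nonce, sig)
        if ok:
            self.spent.add(nonce)
        return ok


def demo():
    """Constructed scenario: 'alice' enrolled at two sites of each kind; site A / site C dumped."""
    out = {}
    shared = os.urandom(32)                      # same passphrase-derived secret reused at A and B
    a, b = SymmetricSite(b"site-a"), SymmetricSite(b"site-b")
    a.enroll("alice", shared)
    b.enroll("alice", shared)
    stolen = a.db["alice"]                       # attacker dumps site A's database
    n = b.challenge()
    out["sym_cross_site_login"] = b.login("alice", n, symmetric_respond(stolen, n))  # True: A's breach logs into B

    x, y = keygen()                              # one keypair, public half enrolled at C and D
    c, d = AsymmetricSite(b"site-c"), AsymmetricSite(b"site-d")
    c.enroll("alice", y)
    d.enroll("alice", y)
    n = c.challenge()
    sig = sign(x, c.site_id + n)
    out["asym_login"] = c.login("alice", n, sig)              # True
    out["asym_replay"] = c.login("alice", n, sig)             # False: nonce already spent
    n2 = d.challenge()
    out["asym_cross_site_with_stolen_db"] = d.login("alice", n2, sign(c.db["alice"], d.site_id + n2))  # False: only y was stolen
    out["sig_bound_to_site"] = not verify(y, d.site_id + n, sig)  # True: C's signature does not verify for D
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running the script prints the five outcomes; the symmetric case is the only one where a dumped database yields a working login elsewhere. The replay check here is a per-site set of spent nonces, which is the simplest form of the "there is replay" point raised in the thread; a production design would also expire issued nonces.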