Posted by Alexander Mueller on 01/09/08 18:31
J.O. Aho wrote:
>
> As you mentioned your system would prevent the administrator from knowing your
> password, then the password has to be hashed already at the site, and
> therefore the hashing has to be the same in the form as on the site, or
> else you would always fail the login or the site has to spend a long time with
> cracktools to be able to find out the password and then has it the way it's
> hashed on the site.
Sorry, I don't really know what exactly you mean.
Again, please reread my initial posting, I guess everything should be
clear then :). The system wouldn't know the plain text password (which it
doesn't need) but only the hash code. This can then be compared to the
stored hash code. The only difference is the computation of the hash
happens locally - no brute force, no same passwords.
Alexander