You are here: Re: New Input type proposal « HTML « IT news, forums, messages
Re: New Input type proposal

Posted by Jeff on 01/09/08 18:41

Alexander Mueller wrote:
> J.O. Aho wrote:
>>
>> As you mentioned your system would prevent the administrator from
>> knowing your
>> password, then the password has to be hashed already at the site, and
>> therefore the hashing has to be the the same in the form as on the
>> site, or
>> else you would always fail the login or the site has to spend long
>> time with
>> cracktools to be able to find out the password and then has it the way
>> it's
>> hashed on the site.
>
> Sorry I dont really know what you are exactly meaning.

I think he's talking about the salt. Do you pass the salt with the
form submit, if you do, what is the security advantage?

All this looks a bit like unix password encryption where no one knows
the password, only if it is wrong. What would the application be?

Jeff
>
> Again, please reread my initial posting, I guess everything should be
> clear then :). The system wouldnt know the plain text password (which it
> doesnt need) but only the hash code. This can then be compared to the
> stored hash code. The only difference is the computation of the hash
> happens locally - no brute force, no same passwords.
>
> Alexander

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация