|
Posted by Alexander Mueller on 01/10/08 23:23
Disco Octopus wrote:
>
> Does this capture your idea simply?
>
Yes, almost, there are some slight differences but I guess it would work
this way probably as well.
The passwords are stored hashed in the database. If they were hashed
using a salt, the salt always needs to be passed in the "salt"
attribute. Additionally, a random session based replay salt can be
defined to prevent replay attacks.
The rest is more or less as you stated. If you use Firefox 2, please
feel free to install Hash Input to see how it works.
Alexander
Navigation:
[Reply to this message]
|