ibneko: (Default)
[personal profile] ibneko
Authentication:
We'll generate a new challege string. This will be composed of:
- a random lifespan
- a random character
- and probably the mysql key for the row we're temporarily storing our randomness in.
We'll encode this in MD5 and send it to the client as the challenge.
Client encodes (password+challenge) with MD5 and sends this back to us.
We compare MD5(password+challenge) with what client replies with.
If they match, they're authenticated.

--
Did I get that right? I've been reading various articles and also looking at livejournal code. I'm pretty sure it's right, as... even if the MD5 hash gets intercepted by someone in the middle, they can't guess the password, since it'll be quite different each time: changing one letter in the string used to generate MD5 will result in a vastly different MD5 hash, if my memory isn't lying. And our challenge string will be different each time.
From:
Anonymous
OpenID
Identity URL: 
User
Account name:
Password:
If you don't have an account you can create one now.
Subject:
HTML doesn't work in the subject.

Message:

If you are unable to use this captcha for any reason, please contact us by email at support@dreamwidth.org


 
Notice: This account is set to log the IP addresses of everyone who comments.
Links will be displayed as unclickable URLs to help prevent spam.

Expand Cut Tags

No cut tags

Profile

ibneko: (Default)
ibneko

Most Popular Tags

Style Credit

Page generated Apr. 25th, 2017 12:50 am
Powered by Dreamwidth Studios
November 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 2016