[personal profile] ibneko
Authentication:
We'll generate a new challenge string. This will be composed of:
- a random lifespan
- a random character
- and probably the mysql key for the row we're temporarily storing our randomness in.
We'll encode this in MD5 and send it to the client as the challenge.
Client encodes (password+challenge) with MD5 and sends this back to us.
We compare MD5(password+challenge) with what client replies with.
If they match, they're authenticated.

--
Did I get that right? I've been reading various articles and also looking at livejournal code. I'm pretty sure it's right, as... even if the MD5 hash gets intercepted by someone in the middle, they can't guess the password, since it'll be quite different each time: changing one letter in the string used to generate MD5 will result in a vastly different MD5 hash, if my memory isn't lying. And our challenge string will be different each time.
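The exchange described in the post, as an added Python sketch (not the poster's code and not LiveJournal's). The in-memory dict standing in for the MySQL row, the 60-second lifespan, and the names `AuthServer`, `client_response` and `demo` are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds; assumed lifespan, the post leaves it unspecified

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

class AuthServer:
    def __init__(self, passwords, clock=time.time):
        self.passwords = passwords   # user -> password (the scheme needs it server-side)
        self.pending = {}            # challenge -> (user, expiry); stands in for the MySQL row
        self.clock = clock
        self.next_row = 1

    def new_challenge(self, user: str) -> str:
        # Random material plus the row key, hashed with MD5 as in the post.
        row_id, self.next_row = self.next_row, self.next_row + 1
        challenge = md5_hex(f"{secrets.token_hex(16)}:{row_id}")
        self.pending[challenge] = (user, self.clock() + CHALLENGE_TTL)
        return challenge

    def verify(self, user: str, challenge: str, response: str) -> bool:
        # pop() makes each challenge single-use, so a captured response cannot be replayed.
        issued_to, expiry = self.pending.pop(challenge, (None, 0.0))
        if issued_to != user or user not in self.passwords or self.clock() > expiry:
            return False
        expected = md5_hex(self.passwords[user] + challenge)
        # Constant-time comparison of the two hex digests.
        return hmac.compare_digest(expected, response)

def client_response(password: str, challenge: str) -> str:
    return md5_hex(password + challenge)

def demo():
    now = [1000.0]                                   # constructed clock for the demo
    server = AuthServer({"alice": "correct horse"}, clock=lambda: now[0])
    c1 = server.new_challenge("alice")
    r1 = client_response("correct horse", c1)
    first = server.verify("alice", c1, r1)           # fresh challenge, right password
    replay = server.verify("alice", c1, r1)          # same pair sent again
    c2 = server.new_challenge("alice")
    wrong = server.verify("alice", c2, client_response("guess", c2))
    c3 = server.new_challenge("alice")
    now[0] += CHALLENGE_TTL + 1                      # let the challenge expire
    expired = server.verify("alice", c3, client_response("correct horse", c3))
    return first, replay, wrong, expired
```

The "different each time" argument holds only because the server deletes each challenge on first use and rejects expired ones; the server also has to keep the password in a form it can feed into MD5(password+challenge).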

Date: 2006-07-11 07:13 am (UTC)
From: [identity profile] jaiwithani.livejournal.com
Everyone knows the best way to handle authentication is store the password as a string in the html and compare it to the user's input in a javascript popup :-P

Page generated Jul. 14th, 2025 10:25 pm