[development] Securing Login: MD5 password hashing using
javascript
Syscrusher
scott at 4th.com
Thu Nov 10 15:17:35 UTC 2005
On Wednesday 09 November 2005 21:49, Herman Webley wrote:
> You can build md5(challenge)+md5(password) if you have md5(password)
> but you can't build md5(challenge+password) which is what we would
> use. So they would need to know the unhashed password, not just its
> md5.
>
> Is that right?
Yes.
--
-------------------------------------------------------------------------------
Scott Courtney Drupal user name: "syscrusher" http://drupal.org/user/9184
scott at 4th dot com Drupal projects: http://drupal.org/project/user/9184
Sandbox: http://cvs.drupal.org/viewcvs/drupal/contributions/sandbox/syscrusher
More information about the development
mailing list