[development] Securing Login: MD5 password hashing using javascript

Syscrusher scott at 4th.com
Thu Nov 10 15:17:35 UTC 2005

On Wednesday 09 November 2005 21:49, Herman Webley wrote:
> You can build md5(challenge)+md5(password) if you have md5(password)
> but you can't build md5(challenge+password) which is what we would
> use. So they would need to know the unhashed password, not just its
> md5.
> Is that right?


Scott Courtney     Drupal user name: "syscrusher"   http://drupal.org/user/9184
scott at 4th dot com       Drupal projects: http://drupal.org/project/user/9184
Sandbox:  http://cvs.drupal.org/viewcvs/drupal/contributions/sandbox/syscrusher

More information about the development mailing list