Digest Password
From: azol (azol_at_discussions.microsoft.com)
Date: 06/27/05
Date: Mon, 27 Jun 2005 12:26:03 -0700
To authenticate a user, we can use a username and a password. It is
recommended to use a hashed password. We can make a digest password in the
client side or in the server side and compare it with the stored hashed
password in the database.
Why do we do this?
Let's say we pass the password in the clear text format and hash it in the
server side. In this case the hacker can monitor the network and get access
to the username and the password (before hashing process), then login to the
system with those credentials.
Now let's say that we hash the password in the client side and pass it to
the server. Also in this case, if a hacker monitors the network and gets access to the
username and the digested password, when it is getting transferred from the
client to the server, the hacker can use these credentials and login to the
system as well.
I would appreciate your clarifications.
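The replay problem raised in the question, as an added example that is not part of the original post: a server that accepts a client-side digest treats any captured copy as valid, while a per-login nonce makes a captured response useless for the next attempt. The nonce-based ChallengeServer goes beyond the post and is an assumed design; the account data and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample account: the server stores only SHA-256(password).
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def client_static_digest(password: str) -> str:
    """Scheme from the post: the client hashes the password and sends the digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def server_check_static(user: str, digest: str) -> bool:
    """Server compares the received digest with the stored one (replayable)."""
    return hmac.compare_digest(USERS.get(user, ""), digest)


class ChallengeServer:
    """Assumed alternative: one random nonce per login attempt, used once."""
    def __init__(self):
        self.pending = {}  # user -> outstanding nonce

    def challenge(self, user: str) -> str:
        self.pending[user] = secrets.token_hex(16)
        return self.pending[user]

    def verify(self, user: str, response: str) -> bool:
        nonce = self.pending.pop(user, None)  # consumed on every attempt
        stored = USERS.get(user)
        if nonce is None or stored is None:
            return False
        expected = hmac.new(bytes.fromhex(stored), nonce.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)


def client_response(password: str, nonce: str) -> str:
    """Client answers the challenge with HMAC(SHA-256(password), nonce)."""
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    captured = client_static_digest("correct horse")  # what a sniffer would see
    print("static digest replay accepted:", server_check_static("alice", captured))
    srv = ChallengeServer()
    old = client_response("correct horse", srv.challenge("alice"))
    srv.challenge("alice")  # a later login attempt gets a fresh nonce
    print("stale response accepted:", srv.verify("alice", old))
```

In this sketch the stored digest still acts as the secret on the server side, so a leaked database entry remains enough to answer challenges. Encrypting the connection with TLS is the usual way to keep either form of credential off the wire.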