Benjamin Juang (ibneko) wrote,

Javascript login authentication...

Authentication:
We'll generate a new challenge string. This will be composed of:
- a random lifespan
- a random character
- and probably the MySQL key for the row we're temporarily storing our randomness in.
We'll encode this in MD5 and send it to the client as the challenge.
Client encodes (password+challenge) with MD5 and sends this back to us.
We compare MD5(password+challenge) with what client replies with.
If they match, they're authenticated.

--
Did I get that right? I've been reading various articles and also looking at livejournal code. I'm pretty sure it's right, as... even if the MD5 hash gets intercepted by someone in the middle, they can't guess the password, since it'll be quite different each time: changing one letter in the string used to generate MD5 will result in a vastly different MD5 hash, if my memory isn't lying. And our challenge string will be different each time.
Tags: ouqi, technical
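
The exchange described above, as an added Node.js example that is not the post's or LiveJournal's code: it shows both sides plus the server-side bookkeeping that makes a captured response useless a second time (single use and expiry). Assumptions: the function names are hypothetical, a `Map` stands in for the MySQL row, the challenge is built from `crypto.randomBytes` with a fixed lifespan, and the server can read the stored password, which computing MD5(password+challenge) requires.

```javascript
// Added example: names and the in-memory store are assumptions, not the post's code.
const crypto = require('crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Stands in for the MySQL table that holds each outstanding challenge.
const challenges = new Map();
let nextRowId = 1;

// Server: build a challenge from random data plus the row key, store it with an expiry.
function issueChallenge(now = Date.now(), lifespanMs = 60000) {
  const rowId = nextRowId++;
  const challenge = md5(crypto.randomBytes(16).toString('hex') + ':' + rowId);
  challenges.set(challenge, { expires: now + lifespanMs });
  return challenge;
}

// Client: what the browser-side JavaScript would compute and send back.
function clientResponse(password, challenge) {
  return md5(password + challenge);
}

// Server: accept only a known, unexpired challenge, and only once.
function verifyResponse(storedPassword, challenge, response, now = Date.now()) {
  const row = challenges.get(challenge);
  if (!row) return false;              // unknown or already used challenge
  challenges.delete(challenge);        // single use, whatever the outcome
  if (now > row.expires) return false; // lifespan exceeded
  const expected = Buffer.from(md5(storedPassword + challenge), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(expected, got);
}

// Constructed sample run: one good login, a replay, and an old response on a new challenge.
function demo() {
  const password = 'correct horse'; // constructed sample value
  const c1 = issueChallenge();
  const r1 = clientResponse(password, c1);
  const first = verifyResponse(password, c1, r1);
  const replay = verifyResponse(password, c1, r1);
  const c2 = issueChallenge();
  const stale = verifyResponse(password, c2, r1);
  return { first, replay, stale, differs: clientResponse(password, c2) !== r1 };
}
console.log(demo());
```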