« Return to Thread: Client side password encryption

Re: Client side password encryption

by Viper007Bond-3 :: Rate this Message:

It's combined with a one-time use nonce, so I don't believe that can happen.

DD32: Yeah, the new hashes are longer than 32 characters and MD5 sucks, so I
figured, but I'm still trying to figure out if I can get from MD5( $pass )
to $newHash somehow. I'll poke around the code some more.

On Sun, Mar 16, 2008 at 3:08 AM, howard chen <howachen@...> wrote:

> On Sun, Mar 16, 2008 at 5:27 PM, Viper007Bond <viper@...>
> wrote:
> > So I've been playing around with
> > http://wordpress.org/extend/plugins/semisecure-login/
> >
>
> Personally, even if you encrypt the password at client side using md5,
> it is still subject to replay attack.
>
> A better system would be: http://pajhome.org.uk/crypt/md5/auth.html
>
> Howard
> _______________________________________________
> wp-hackers mailing list
> wp-hackers@...
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>

--
Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/
_______________________________________________
wp-hackers mailing list
wp-hackers@...
http://lists.automattic.com/mailman/listinfo/wp-hackers

« Return to Thread: Client side password encryption