Paranoid authentication system :) Criticism needed.


Polar
Forum Newbie
Posts: 12
Joined: Sat Aug 03, 2002 8:57 am

Post by Polar »

Hi !

generally no of course :) nobody can't :) But there is some strange magic in those 3 symbols - MD5 :) Everybody is trying to use it in all possible and impossible places and believes that more md5==more protection :) Whereas:
using md5 on the client side and sending passwords across the network in md5 == storing not crypted plain text passwords in the DB
It is easy to understand why (but for example I lost too much time before understanding :)
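
The equivalence stated in the post above, as an added PHP example (not code from the thread or from the poster's project; the function names and the sample password are constructed). When the browser sends md5(password) and the database stores the same value, the stored string is itself the login credential; with a server-side password_hash() it is not.

```php
<?php
// Added illustration; all names and sample values here are constructed.

// Scheme from the post: the client sends md5(password), the DB stores md5(password).
function loginClientMd5(string $sentByClient, string $storedInDb): bool
{
    // The server can only compare the two strings, so whatever sits in the
    // DB column is accepted as-is: it has become the real password.
    return hash_equals($storedInDb, $sentByClient);
}

// Server-side hashing: the password arrives over TLS and the DB keeps a
// salted, slow hash that is never valid as login input.
function loginServerHash(string $sentByClient, string $storedInDb): bool
{
    return password_verify($sentByClient, $storedInDb);
}

$password = 'correct horse';   // constructed sample password

// --- client-side md5 scheme ---
$rowA = md5($password);        // value written at registration
$seen = $rowA;                 // same value as seen in a DB dump or on the wire
echo "client-md5, real user:          ";
var_dump(loginClientMd5(md5($password), $rowA));
echo "client-md5, stored value reused: ";
var_dump(loginClientMd5($seen, $rowA));

// --- server-side hashing ---
$rowB = password_hash($password, PASSWORD_DEFAULT);
$seen = $rowB;                 // the DB column as an outsider would see it
echo "server-hash, real user:          ";
var_dump(loginServerHash($password, $rowB));
echo "server-hash, stored value reused: ";
var_dump(loginServerHash($seen, $rowB));
```

Run it with the PHP CLI (PHP 7 or later) and compare the second line of each pair.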
llimllib
Moderator
Posts: 466
Joined: Mon Jul 01, 2002 2:19 pm
Location: Baltimore, MD

Post by llimllib »

Just another reason not to use flash for a login script:
GetURL Post Method Fails
Send using POST fails in Netscape 6.0 on Mac OS 9.x. This issue is resolved with Netscape 6.2 using Flash Player 6 r40 or later.
BDKR
DevNet Resident
Posts: 1207
Joined: Sat Jun 08, 2002 1:24 pm
Location: Florida

Post by BDKR »

Hi Polar,

I just wanted to say that I hear what you're getting at about everybody thinking that md5 is this magic thing. By itself, it's good, but what we realize is that by itself, it's not enough. But don't throw the baby out with the bath water. There are a lot of things that need to be done in conjunction with the use of md5. The amount of thought that you've put into the system as a whole is impressive! On the other hand, all I've done is focus squarely on login security and an alternative to PHP's built-in sessions.

So, you are more than 100% correct when you say that md5 is thought of too highly. It's just a start. It must be part of a system as a whole.

Later on,
BDKR
hob_goblin
Forum Regular
Posts: 978
Joined: Sun Apr 28, 2002 9:53 pm

Post by hob_goblin »

also, md5 is just a simple way to encrypt, we could all use crypt() or other functions to do it... but md5 seems the most popular
BDKR
DevNet Resident
Posts: 1207
Joined: Sat Jun 08, 2002 1:24 pm
Location: Florida

Post by BDKR »

hob_goblin wrote: also, md5 is just a simple way to encrypt, we could all use crypt() or other functions to do it... but md5 seems the most popular

It's most correct to say that md5 is a hashing algorithm. Not encryption. Things like md5, sha1, sha2, and haval are great for hashing. If you are so interested, check out this page.

http://www.mirrors.wiretapped.net/secu ... y/hashes/

Of course, this is all in C, but it's interesting to look at it. Not having to define vars in php sure is nice. :twisted:

Later on,
BDKR
Polar
Forum Newbie
Posts: 12
Joined: Sat Aug 03, 2002 8:57 am

Post by Polar »

Hi all!

Just want to say that beta 0.96 is available for downloading from http://polar-lights.com/hackerhunter/ and for looking inside :)