
Re: Re: Is this a secure way to handle login?

by maverick (Curate)
on Mar 27, 2002 at 16:58 UTC (#154724=note)

in reply to Re: Is this a secure way to handle login?
in thread Is this a secure way to handle login?

One non-obvious addition. Don't use /usr/dict/words verbatim. Apache and most other web servers will announce what they are and what OS they're on. With that piece of info, someone could find the same version of /usr/dict/words that you have and only have to guess your initial random number and hash function (because you'd probably be using one of the standard ones) to replicate your hash. Use a randomized version of /usr/dict/words. That way you have two random elements in play.

perl -l -e "eval pack('h*','072796e6470272f2c5f2c5166756279636b672');"
