Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re: Re: žIs this a secure way to handle login?

by maverick (Curate)
on Mar 27, 2002 at 16:58 UTC ( #154724=note: print w/ replies, xml ) Need Help??


in reply to Re: žIs this a secure way to handle login?
in thread Is this a secure way to handle login?

One non-obvious addition. Don't use /usr/dict/words verbatim. Apache and most other web servers will announce what they are and what os they're on. With that piece of info, someone could find the same version of /usr/dict/words that you have and only have to guess your initial random number and hash function (because you'd probably be using one of the standard ones) to replicate your hash. Use a randomized version of /usr/dict/words. That way you have two random elements in play.

/\/\averick
perl -l -e "eval pack('h*','072796e6470272f2c5f2c5166756279636b672');"


Comment on Re: Re: žIs this a secure way to handle login?

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://154724]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (8)
As of 2014-07-10 07:54 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    When choosing user names for websites, I prefer to use:








    Results (202 votes), past polls