Cryptography: JavaScript MD5: Login System

Hmm… thought in my head.
Server
$Server_Pass_Hash // Server has a hash of the user's password, retrieved from a database.
var $Date = now(); // Current date as of the moment now()

Server sends the $Date to the client browser.
Client side
The client types the password into an <input type="password"> box: $Client_Password.
Use a JS function called Hash(value) to generate a hash:
$temp = Hash($Client_Password);
$Client_Hashed_password = Hash($temp + $Date);

Send both back to server.
$Client_Hashed_password
$Date

Server checks to see if the $Date is less than 2 minutes old (or whatever). If bad, redo, else…
Server computes:
$chk = Hash($Server_Pass_Hash + $Date);
if ($chk == $Client_Hashed_password)
//then allow into the system, via a session ID.

[update]
After typing the above, it scares me a little to know that I can have a coherent thought like that. The flow works.
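
The flow above as runnable Node.js, covering both the client and server steps plus the 2-minute freshness check. This is an added example, not code from the original post; the function names, the millisecond-timestamp form of $Date, and the sample password are assumptions.

```javascript
// Added example: MD5 is used only because the page title names it.
// All names and sample values below are constructed for illustration.
const crypto = require('node:crypto');

const MAX_AGE_MS = 2 * 60 * 1000; // "less than 2 minutes old (or whatever)"

// Hash(value) from the post: hex digest of a string.
function hash(value) {
  return crypto.createHash('md5').update(String(value), 'utf8').digest('hex');
}

// Server: issue the challenge ($Date) as a millisecond timestamp string.
function issueChallenge(now = Date.now()) {
  return String(now);
}

// Client: $Client_Hashed_password = Hash(Hash($Client_Password) + $Date)
function clientResponse(password, date) {
  return hash(hash(password) + date);
}

// Server: check freshness, then compare with Hash($Server_Pass_Hash + $Date).
function serverVerify(serverPassHash, date, clientHashed, now = Date.now()) {
  if (!/^\d+$/.test(String(date))) return { ok: false, reason: 'bad-date' };
  const age = now - Number(date);
  if (age < 0 || age > MAX_AGE_MS) return { ok: false, reason: 'stale' };
  const expected = Buffer.from(hash(serverPassHash + date), 'utf8');
  const supplied = Buffer.from(String(clientHashed), 'utf8');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  if (supplied.length !== expected.length ||
      !crypto.timingSafeEqual(expected, supplied)) {
    return { ok: false, reason: 'mismatch' };
  }
  return { ok: true, reason: 'match' };
}

// Constructed run: one login attempt evaluated at fixed clock values.
function demo() {
  const t0 = 1700000000000;             // constructed timestamp
  const stored = hash('correct horse'); // constructed password
  const date = issueChallenge(t0);
  const resp = clientResponse('correct horse', date);
  return {
    fresh: serverVerify(stored, date, resp, t0 + 30000).reason,
    late: serverVerify(stored, date, resp, t0 + 121000).reason,
    wrong: serverVerify(stored, date, clientResponse('guess', date), t0 + 30000).reason,
  };
}
```

In this scheme the stored hash is all a client needs to compute a valid response, so the database value has to be protected like the password itself. A response also stays valid until its $Date ages out of the window.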



Comments

One response to “Cryptography: JavaScript MD5: Login System”

  1. Lloyd Leung

    Oh yeah, this should maintain a login IP, and only that login IP shall be able to access that session. Avoid injection/capture attacks.
