
Re: Re: Is this a secure way to handle login?

by maverick (Curate)
on Mar 27, 2002 at 16:58 UTC


in reply to Re: Is this a secure way to handle login?
in thread Is this a secure way to handle login?

One non-obvious addition. Don't use /usr/dict/words verbatim. Apache and most other web servers will announce what they are and what OS they're on. With that piece of info, someone could find the same version of /usr/dict/words that you have and only have to guess your initial random number and hash function (because you'd probably be using one of the standard ones) to replicate your hash. Use a randomized version of /usr/dict/words. That way you have two random elements in play.

/\/\averick
perl -l -e "eval pack('h*','072796e6470272f2c5f2c5166756279636b672');"
