in reply to MD5 issue (client side)

Slightly OT:
I cannot exactly know, what do you encrypt using md5 on both client and server side because I cannot download your announced javascript. But I think that using md5 or other hash-functions is not necessary and does not enhance the safety in this case - when you are thinkinkg about some random strings serving the same role as passwords, the hashed random strings have the same role... The only one tip is to use https to avoid the man in the middle.

Replies are listed 'Best First'.
Re^2: MD5 issue (client side)
by GaijinPunch (Pilgrim) on Mar 27, 2006 at 23:08 UTC
    Hey guys: Thanks for the replies. Yes, I was not very fimiliar w/ how md5 authentication worked. I did figure it out though. Generally, I do what the javascript did -- there's about 5 lines of importance. In a nutshell, MD5(MD5(password) + challenge) or something like that.

    I am able to get a proper password based on the random challenge key.
[reply]

In Section Seekers of Perl Wisdom