That's really an academic debate. I should argue that your scheme depends on security of MD5 algorithm and therefore cannot be more secure than MD5.
History shows that even cryptographic hashes has some problems, and if I recall correctly, some of the MD-series hashes did have problems.
OTOH, my scheme depends only on security of server, and if attacker can read data from server's database, it will not look at nonce, but directly at the target data stored here.
Authentication is here not only for authentication itself, but for data protection, and there is no point making authentication stronger than protection of data itself.
And if I have large site, my entropy pool gets exhausted by SSL subsystem in the firts place, so I will need HW crypto-card (RND-generator) anyway.
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.