Re: [PHP] Re: JavaScript MD5()

Tue, 11 Sep 2001 00:36:53 -0700 

thanx...

yeah, I forgot that the problem is not what the sniffer sees, the problem is
: how can i do to prevent him from seeing anything ....

Is SSL difficult to use in PHP ???

Can someone shortly explain it to me ???

    (°-        Nayco,
    //\        [EMAIL PROTECTED]
    v_/_     http://nayco.free.fr


----- Original Message -----
From: Arve Bersvendsen <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, September 11, 2001 9:54 AM
Subject: [PHP] Re: JavaScript MD5()


> Nicolas Costes wrote in 00fd01c13a94$e3329b80$0100a8c0@p2333:">news:00fd01c13a94$e3329b80$0100a8c0@p2333:
>
> > Hellorgh, all !!!
> > Does anyone knows if there is a way to MD5-encode strings with
> > JavaScript ?
>
> The algorithm is described in RFC 1321.
> <URL:http://www.ietf.org/rfc/rfc1321.txt>
>
> > I use MD5() to encode passwords then insert them in my account
> > database, and when a user logs in, i do
> > MD5($password_provided_by_form) to compare it with the one stored
> > in the DB. Ok, fine, I cannot see the users's passwords but when
> > they log in, everyone can sniff it !!!
>
> MD5 is a one way algorithm, which means that you won't be doing MD5 on
> the server.
>
>
> > That's why i'd like to encode passwords at client-side.... a
> > Javascript MD5() function should be fine, but i think it doesn't
> > exists .... and I can't use (and i don't know how to ;~p ) SSL,
> > https: ....
>
> Which won't help you in any way, in effect you'll just be sending a
> plaintext password that's a lot longer.
>
> > Someone's got any solution ????
>
> A secure connection is your only real solution here.
>
>
> --
> Arve         «The pessimist sees difficulty in every opportunity.
>                The optimist sees opportunity in every difficulty.»
>                                              - Winston Churchill
> http://www.bersvendsen.com/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to