Nope, you are quite correct.. but I put my chances of someone "catching" packets from my site and ripping 'em open.. in that low down probability of around 0 as well. :)
:::::::::::::::::::::::::::::::::::::::::::
: Julien Bonastre [The-Spectrum.org CEO]
: A.K.A. The_RadiX
: [EMAIL PROTECTED]
: ABN: 64 235 749 494
: QUT Student :: 04475739
:::::::::::::::::::::::::::::::::::::::::::

----- Original Message -----
From: "Jon Haworth" <[EMAIL PROTECTED]>
To: "'The_RadiX'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Saturday, May 04, 2002 12:07 AM
Subject: RE: [PHP] Secure user authentication

> Hi,
>
> > but the password is put through my own fairly unbreakable
> > (yes.. I am serious) password key system..
> > SO basically you'll end up with a nice 32 char string
> > which is QUITE safe to pass around and the chance anyone's
> > gonna decrypt it IMHO is about zilch,
> > And all you have to do, is when they login once, just run
> > the password they entered through this "algorithm" and
> > check it against the stored algo'd password..
>
> Presumably you have a Javascript implementation of your algorithm, which
> runs on the login page - otherwise you'd just be transmitting the password
> in clear text from the browser to the server, right?
>
> If you don't do this, how do you deal with getting the password from the
> user to the server so you can authenticate them?
>
> If you do, how do you deal with people who have Javascript disabled?
>
>
> Cheers
> Jon
>
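
The thread turns on what actually crosses the wire when the browser hashes the password before sending it. The following is an added example, not code from either poster: it compares a login that sends a fixed hash with one that binds the response to a single-use server nonce. SHA-256 and HMAC stand in for the unpublished "algorithm", and every name and the sample password are constructed for illustration.

```javascript
// Added illustration; all names are hypothetical and the account is constructed.
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const hmac = (key, msg) => crypto.createHmac("sha256", key).update(msg).digest("hex");

// Constant-time comparison of two hex strings.
function sameHex(a, b) {
  const x = Buffer.from(a, "hex"), y = Buffer.from(b, "hex");
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Server-side record: only the hashed password is stored.
const stored = { user: "alice", pwHash: sha256("correct horse") };

// Scheme A: the browser sends H(password); the server compares it to the stored hash.
function loginStatic(sentHash) {
  return sameHex(sentHash, stored.pwHash);
}

// Scheme B: the server issues a single-use nonce; the browser sends HMAC(H(password), nonce).
const outstanding = new Set();
function issueChallenge() {
  const nonce = crypto.randomBytes(16).toString("hex");
  outstanding.add(nonce);
  return nonce;
}
function loginChallenge(nonce, response) {
  if (!outstanding.delete(nonce)) return false; // unknown or already-used nonce
  return sameHex(response, hmac(stored.pwHash, nonce));
}

// What the login page's script would compute in each scheme.
const clientStatic = (password) => sha256(password);
const clientResponse = (password, nonce) => hmac(sha256(password), nonce);

function demo() {
  const captured = clientStatic("correct horse"); // the string seen on the wire
  const staticReplay = loginStatic(captured);     // accepted: the hash is the credential
  const n1 = issueChallenge();
  const r1 = clientResponse("correct horse", n1);
  const first = loginChallenge(n1, r1);           // legitimate login
  const sameNonceReplay = loginChallenge(n1, r1); // rejected: nonce consumed
  const n2 = issueChallenge();
  const newNonceReplay = loginChallenge(n2, r1);  // rejected: response bound to n1
  return { staticReplay, first, sameNonceReplay, newNonceReplay };
}
console.log(demo());
```

In both schemes the stored hash is what the server checks against, so serving the login form over TLS remains the baseline. The nonce only removes the replay value of a string captured in transit.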