It's always possible to brute force if you have access to the encrypted version, but only if you know the encryption method. So if you use an altered version of MD5, it's going to be even harder to guess.
You never transmit the password or the salt in plain text. You set the cookie using the encrypted + salted password. The attacker therefore only has access to an encrypted password, of which the encryption is hopefully not known.
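As an added example (not part of the original post), here is the scheme the post describes in Python: a per-user random salt, the MD5 of salt plus password stored as the record, and a dictionary attack run by an attacker who has obtained the stored record (salt and hash) and knows the hashing scheme. The wordlist, the salts and the `PEPPER` value are constructed for the example. The peppered variant stands in for the post's "altered version of MD5": a secret server-side value mixed into the hash, which the attacker who only holds the database does not have.

```python
import hashlib
import hmac
import os
from typing import Callable, List, Optional, Tuple

# Constructed example: a credential record as the post describes it,
# a per-user random salt plus the MD5 of salt || password.
def salted_md5(password: str, salt: bytes) -> str:
    return hashlib.md5(salt + password.encode("utf-8")).hexdigest()

# Hypothetical "altered MD5": the same hash keyed with a secret pepper that lives
# in application config, never in the database next to the salt and hash.
PEPPER = b"constructed-example-pepper"

def peppered_md5(password: str, salt: bytes, pepper: bytes = PEPPER) -> str:
    return hashlib.md5(pepper + salt + password.encode("utf-8")).hexdigest()

def make_record(password: str, salt: Optional[bytes] = None,
                hash_fn: Callable[[str, bytes], str] = salted_md5) -> dict:
    salt = salt if salt is not None else os.urandom(16)
    return {"salt": salt, "hash": hash_fn(password, salt)}

def verify_password(record: dict, candidate: str,
                    hash_fn: Callable[[str, bytes], str] = salted_md5) -> bool:
    # Constant-time comparison so the check does not leak how many leading
    # bytes of the candidate hash matched.
    return hmac.compare_digest(hash_fn(candidate, record["salt"]), record["hash"])

def dictionary_attack(record: dict, wordlist: List[str],
                      hash_fn: Callable[[str, bytes], str] = salted_md5
                      ) -> Tuple[Optional[str], int]:
    """Attacker model: holds the stored record (salt and hash) and believes the
    scheme is hash_fn. Returns the recovered password (or None) and the number
    of guesses spent. The salt defeats precomputed tables but not this loop,
    because the salt is in the record the attacker already has."""
    guesses = 0
    for guess in wordlist:
        guesses += 1
        if verify_password(record, guess, hash_fn):
            return guess, guesses
    return None, guesses

# Constructed wordlist for the demonstration.
WORDLIST = ["123456", "password", "letmein", "hunter2", "correct horse battery staple"]

def demo() -> dict:
    plain = make_record("hunter2")
    peppered = make_record("hunter2", hash_fn=peppered_md5)
    return {
        # Known scheme: the salted hash falls to the dictionary.
        "plain": dictionary_attack(plain, WORDLIST),
        # Attacker assumes plain salted MD5 but the record was peppered: no hit.
        "peppered_wrong_scheme": dictionary_attack(peppered, WORDLIST),
        # Attacker who also learned the pepper is back to the first case.
        "peppered_known_pepper": dictionary_attack(peppered, WORDLIST, peppered_md5),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two things the run makes visible: the same password under two different salts gives two unrelated hashes, which is what the salt buys (no shared precomputed table across users), and once the attacker knows the scheme the salt adds nothing against a per-record guessing loop. What governs that loop is the cost of each guess; MD5 makes a guess very cheap, which is why password storage normally uses a deliberately slow function such as `hashlib.pbkdf2_hmac` or `hashlib.scrypt` from the standard library.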