 | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
|
|
(...) As long as it's using http and not https, yes. Once it's in a cookie, it's no longer plaintext, so it's less susceptible to snooping although still susceptible to playback attacks. --Todd (25 years ago, 22-Apr-00, to lugnet.admin.general)
|
| |
| | Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
|
|
(...) Aren't the contents of a cookie simply Base64-encoded? I mean, it's a wel-known and reversable format. Cheers, - jsproat (25 years ago, 22-Apr-00, to lugnet.admin.general)
|
| |
| | Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
|
|
(...) I assume it's a one-way hash of some sort. I'd guess (without looking) that it's probably md5.... (25 years ago, 22-Apr-00, to lugnet.admin.general)
|
| |
| | Re: PW validation (was: Re: Opinions wanted: article rating harmful?)
|
|
(...) No, the last phase of encoding (and thus the first phase of decoding) for the sign-in cookie is a Base16 (ASCII hex [0-9A-F]) pass. This, however, is applied to an already-encrypted id/pw combo, which has been passed through a pad-style (...) (25 years ago, 22-Apr-00, to lugnet.admin.general)
|
