 | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Todd Lehman
|
| | | (...) As long as it's using http and not https, yes. Once it's in a cookie, it's no longer plaintext, so it's less susceptible to snooping although still susceptible to playback attacks. --Todd (25 years ago, 22-Apr-00, to lugnet.admin.general)
|
| | | |
| | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Jeremy H. Sproat
|
| | | | (...) Aren't the contents of a cookie simply Base64-encoded? I mean, it's a wel-known and reversable format. Cheers, - jsproat (25 years ago, 22-Apr-00, to lugnet.admin.general)
|
| | | | |
| | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Matthew Miller
|
| | | | | (...) I assume it's a one-way hash of some sort. I'd guess (without looking) that it's probably md5.... (25 years ago, 22-Apr-00, to lugnet.admin.general)
|
| | | | | |
| | | | | | Re: PW validation (was: Re: Opinions wanted: article rating harmful?) —Todd Lehman
|
| | | | (...) No, the last phase of encoding (and thus the first phase of decoding) for the sign-in cookie is a Base16 (ASCII hex [0-9A-F]) pass. This, however, is applied to an already-encrypted id/pw combo, which has been passed through a pad-style (...) (25 years ago, 22-Apr-00, to lugnet.admin.general)
|
| | | | |
