Hello all, I'm trying to work out a solution to a problem, and I thought I'd ask here in case anyone has any ideas.
First, a bit of background. I just wrote a post in my blog about a secure login with PHP and JavaScript without SSL. The basic idea is that the server sends the client a random key, then both the server and client append the hash value of the client's password to the random key and produce another hash from the new string. Then the server compares the string to see if it and the client got the same result. You can see the full post here: http://www.lightcubesolutions.com/blog/?p=47

This appears to do just what it was intended to do. My problem now is, how do I securely register the user in a similar fashion? In other words, how would I get the hash of the password securely to the server in the first place, or in the event that a user wishes to change her password?

I have an idea brewing already, but it's the sort of thing that I think would be easy enough for a third party to break. Any thoughts?

--
JH
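
The login exchange described in the message above, with both sides shown, as an added example that is not code from the original post or the linked blog. SHA-256, hex encoding, the in-memory maps and the names `Server`, `clientResponse` and `demo` are assumptions; the message does not name a hash function.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Server side: keeps hash(password) per user and the random key it last issued.
class Server {
  constructor() {
    this.users = new Map();   // username -> hash(password)
    this.pending = new Map(); // username -> random key awaiting a response
  }
  // How this hash reaches the server is the open question in the message;
  // here it is simply handed over. Note it is all a client needs to answer a key.
  enroll(user, passwordHash) { this.users.set(user, passwordHash); }

  challenge(user) {
    const key = crypto.randomBytes(16).toString('hex');
    this.pending.set(user, key);
    return key;
  }

  verify(user, response) {
    const key = this.pending.get(user);
    this.pending.delete(user); // a key is accepted once, so a captured response cannot be reused
    const stored = this.users.get(user);
    if (!key || !stored) return false;
    const expected = Buffer.from(sha256(key + stored), 'hex');
    const got = Buffer.from(String(response), 'hex');
    return got.length === expected.length && crypto.timingSafeEqual(expected, got);
  }
}

// Client side: hash(random key + hash(password)), the order given in the message.
function clientResponse(password, key) {
  return sha256(key + sha256(password));
}

// Constructed sample run: one good login, two replays of its response, one wrong password.
function demo() {
  const server = new Server();
  server.enroll('alice', sha256('correct horse'));
  const good = clientResponse('correct horse', server.challenge('alice'));
  const first = server.verify('alice', good);
  const replayNoKey = server.verify('alice', good); // no key outstanding
  server.challenge('alice');
  const replayNewKey = server.verify('alice', good); // answer to an old key
  const wrong = server.verify('alice', clientResponse('wrong', server.challenge('alice')));
  return { first, replayNoKey, replayNewKey, wrong };
}
```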
