On Sunday 23 November 2008 11:48:15 pm Jeremy Huntwork wrote: > This appears to do just what it was intended to do. My problem > now is, how do I securely register the user in a similar fashion? > In other words, how would I get the hash of the password securely > to the server in the first place, or in the event that a user > wishes to change her password? I have an idea brewing already, > but it's the sort of thing that I think would be easy enough for > a third party to break.
The only way to be totally sure the key and the registration is secure and being used by the correct person is to hand it to the person yourself. Anything that is transmitted by any other means can be captured and eventually cracked, so it must be considered comprimsed. Some times good old fashion hand to hand exchange is the best, safest, secure and only way to be sure your package arrived where it was supposed and was not captured or comprimsed. -- Stealth -- http://linuxfromscratch.org/mailman/listinfo/lfs-chat FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
