Tony Sauri wrote:
> User: wishes to create a new password (either 1st time or change existing
> password)
>
> Server: sends new/change password dialogue and includes server public
> key
>
> Client: prompts user for new password
>
> Client: transforms new password with selected hash algorithm
> encrypts new password hash with server public key and sends to server
>
> Server: decrypts new password hash cypher text
> stores new password hash
Thanks, but I don't think this will work. The SHA1 or MD5 commands aren't actually encrypting the password, they are performing a hash sum on the password, which is a one-way calculation. You can't produce the actual password from the hash. So the server will be unable to 'decrypt' the password hash as you suggest, which is exactly my point. Unless you can show me by example that I am incorrect...

-- 
JH
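The exchange quoted from Tony Sauri's message, written out as an added example (not code from either poster): the client hashes the new password and encrypts the hash with the server public key, and the server's decryption returns that hash, never the password. The toy RSA key (two Mersenne primes, no padding), the function names and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac

# Toy server key pair, for illustration only: two well-known Mersenne primes
# and textbook RSA without padding. A real deployment would use a vetted
# library with OAEP and a properly generated key.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to the server


def client_new_password(password, algorithm, server_pub):
    """Client: hash the new password, then encrypt the hash with the server public key."""
    n, e = server_pub
    digest = hashlib.new(algorithm, password.encode()).digest()   # one-way step
    m = int.from_bytes(digest, "big")
    if m >= n:
        raise ValueError("digest does not fit below the modulus")
    return pow(m, e, n)                                            # reversible step


def server_store(ciphertext, algorithm):
    """Server: decrypt the ciphertext. What comes out is the hash, not the password."""
    size = hashlib.new(algorithm).digest_size
    return pow(ciphertext, D, N).to_bytes(size, "big")


def hash_matches(stored_hash, candidate, algorithm):
    """Hypothetical helper: does this candidate password hash to the stored value?"""
    digest = hashlib.new(algorithm, candidate.encode()).digest()
    return hmac.compare_digest(digest, stored_hash)


if __name__ == "__main__":
    # "abc" is a constructed sample password; SHA1 is the algorithm named in the thread.
    ct = client_new_password("abc", "sha1", (N, E))
    stored = server_store(ct, "sha1")
    print("on the wire :", hex(ct)[:40] + "...")
    print("server keeps:", stored.hex())
    print("matches 'abc':", hash_matches(stored, "abc", "sha1"))
```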
