The problem with this approach is that, without a challenge-response, having the MD5
digest of the password is as good as having the password.
Donnie
>>> [EMAIL PROTECTED] 03/12/01 10:05AM >>>
You could also use a little javascript to send
password coded with md5 and verify in servlet the
password for this user via md5 is equal to the
password string you received :
ie: http://pajhome.org.uk/crypt/md5/index.html
>-----Original Message-----
>From: Samson, Lyndon [IT] [mailto:[EMAIL PROTECTED]]
>Sent: Monday, March 12, 2001 3:44 PM
>To: '[EMAIL PROTECTED]'
>Subject: RE: Encrypting password
>
>
>You could write a custom applet, which could use any
>encryption algorithm
>you prefer.
>
>-----Original Message-----
>From: Sam Newman [mailto:[EMAIL PROTECTED]]
>Sent: Monday, March 12, 2001 2:35 PM
>To: [EMAIL PROTECTED]
>Subject: Encrypting password
>
>
>Am I right in saying the only method for encrypting user
>entered data (e.g
>from client desktopn browser to web server) is SSL?
>
>sam
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, email: [EMAIL PROTECTED]
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, email: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
