How to Authenticate Password Using MD5 Hash code
-
I have to pass user name and password for the LDAP authentication but during this process password is getting saved into the local machine RAM and which can be retrived later... So how I can use MD5 hash code for preventing this.
How do other programs access your RAM ? The way an MD5 hash works is destructive, if you have an MD5, you cannot use it to get your original password back. They are used sometimes to store passwords, so the password sent is an MD5 hash of what is typed, and the MD5 hash is what is stored. The main idea here is that the actual password is not in the DB and in theory, people are not likely to work it out from the MD5. MD5 is not all that secure, nowadays.
Christian Graus - Microsoft MVP - C++ "also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
-
I have to pass user name and password for the LDAP authentication but during this process password is getting saved into the local machine RAM and which can be retrived later... So how I can use MD5 hash code for preventing this.
Who's on your server accessing the RAM?
-
Who's on your server accessing the RAM?
Why does that question make me think pictures of cats inside computer cases? ;)
Mark Churchill Director Dunn & Churchill Diamond Binding: Zero to Data Layer in 3 mins
-
Why does that question make me think pictures of cats inside computer cases? ;)
Mark Churchill Director Dunn & Churchill Diamond Binding: Zero to Data Layer in 3 mins
Too much lunchtime wine??
-
Too much lunchtime wine??
That could be part of the reason ;) I was thinking something like so: http://digitalcollections.uwyo.edu/blogs/wp-content/uploads/2007/07/lolcat-in-computer3.JPG[^] "Im in your server, accessing your RAM".
Mark Churchill Director Dunn & Churchill Diamond Binding: Zero to Data Layer in 3 mins
-
How do other programs access your RAM ? The way an MD5 hash works is destructive, if you have an MD5, you cannot use it to get your original password back. They are used sometimes to store passwords, so the password sent is an MD5 hash of what is typed, and the MD5 hash is what is stored. The main idea here is that the actual password is not in the DB and in theory, people are not likely to work it out from the MD5. MD5 is not all that secure, nowadays.
Christian Graus - Microsoft MVP - C++ "also I don't think "TranslateOneToTwoBillion OneHundredAndFortySevenMillion FourHundredAndEightyThreeThousand SixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it ) ( spaces added for the benefit of people running at < 1280x1024 )
Christian Graus wrote:
people are not likely to work it out from the MD5. MD5 is not all that secure, nowadays
I agree, and I don't even bother treaching MD5 in my class. I stick to SHA-256 or better.
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
