Results 1 to 10 of 11

Thread: logging using md5 password

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

October 8th, 2005, 06:10 PM #2
sec_ware

View Profile

View Forum Posts

Visit Homepage
Senior Member

Join Date

Mar 2004

Posts

557
Hi

Usually, the password, which you send (mostly in plaintext..) from your
client, will be md5'd on server side. The md5-hash of the password
then is compared with the entry in the database.

If you send the md5-hashed version of your password, it will again
be md5'd, which results in a different md5-hash, hence the "invalid
password error".

The password is not stored as plain-text in the database for obvious
reason. Usually, you cannot do much if you somehow snatch the md5-
hash of a "good" password. Note, however, that md5-hashes of
short or simple passwords, like "12345" or "password" are known
by standard tools.

Cheers

If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
Reply With Quote

Quick Navigation Newbie Security Questions Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: logging using md5 password

Thread Tools

Display

Threaded View

Posting Permissions