[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: Time Invariant String Comparison
- From: Javier Guerra Giraldez <javier@...>
- Date: Fri, 17 Jan 2014 08:25:08 -0500
On Fri, Jan 17, 2014 at 5:08 AM, Dirk Laurie <dirk.laurie@gmail.com> wrote:
> It has also been suggested, in effect, that your code should be
> saying
>
> if encrypted_password == encrypt(post.password) then
>
> You could also have cryptography at both ends:
>
> 1. Client sends a request to authenticate.
> 2. Server sends a message together with the request: calculate
> encrypt(message,key) using your secret password as key,
> and send me the result. While waiting for the response, server
> does the same calculation.
> 3.Program does
> if encryption == post.encryption then
s/encryption/hashing/g
--
Javier