[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Wed, 12 Oct 2005 17:38:21 -0400 -->
- <!--x-from-r13: wnfbaqnl ng jbeyqarg.ngg.arg (Xnfba Rnl) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] How LDAP works with authentication -->
- <li><em>date</em>: Wed, 12 Oct 2005 17:38:21 -0400</li>
- <li><em>from</em>: jasonday at worldnet.att.net (Jason Day)</li>
- <li><em>in-reply-to</em>: <<a href="msg00302.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00269.html">[email protected]</a>> <<a href="msg00286.html">[email protected]</a>> <<a href="msg00294.html">[email protected]</a>> <<a href="msg00300.html">[email protected]</a>> <<a href="msg00302.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] How LDAP works with authentication</li>
Well, to be fair, I think you're splitting hairs here; I don't think
brute-forcing an MD5 hash is going to be *that* much of a challenge to
someone with the capability of retrieving the plain text of an SSL
session.
Here's a better question: Is the (arguably) better protection you get
from sending an MD5 hash of a password vs. plain text over an SSL
connection worth the added burden of adding the password hash to the
user object *and* keeping the password hash in sync with the user's
password?
--
Jason Day jasonday at
<a rel="nofollow" href="http://jasonday.home.att.net";>http://jasonday.home.att.net</a> worldnet dot att dot net
"Of course I'm paranoid, everyone is trying to kill me."
-- Weyoun-6, Star Trek: Deep Space 9
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00310" href="msg00310.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00269" href="msg00269.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
<li><strong><a name="00286" href="msg00286.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> jasonday at worldnet.att.net (Jason Day)</li></ul></li>
<li><strong><a name="00294" href="msg00294.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
<li><strong><a name="00300" href="msg00300.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> jasonday at worldnet.att.net (Jason Day)</li></ul></li>
<li><strong><a name="00302" href="msg00302.html">[ale] How LDAP works with authentication</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00304.html">[ale] How LDAP works with authentication</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00306.html">[ale] Seeking ways to getting around spyware on Windows</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00326.html">[ale] How LDAP works with authentication</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00310.html">[ale] How LDAP works with authentication</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00305"><strong>Date</strong></a></li>
<li><a href="threads.html#00305"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>