Justtechjobs.com Find a programming school near you






Online Campus Both


php3-list | 199908

Re: [PHP3] 2 way encrypt/decrypt function in PHP3? From: Manuel Lemos (mlemos <email protected>)
Date: 08/02/99

Hello Steve,

On 03-Aug-99 00:25:10, you wrote:

> I used your algorithm/method to do form login ... and while a "sniffer" (I

A sniffer is a program that is used by hackers to see the information that
passes in a network connection.

>don't exactly know what that is) can't see what the password actually was
>(because the password field is nulled before the encryption) ... why wouldn't
>he be able to "sniff" the encrypted password and just pass that in the field
>which it's expected to be in and then breaking the security that way?? ... or
>is that not possible?

As I said, the use of md5() is not intended to prevent the hacker to
emulate a user login. The intention is to prevent the hacker to know
exactly what the password is in clear text.

The problem of discovering passwords is that users tend to use the same
passwords everywhere. If a hacker discovers the password of a user in some
site, he might try using the password elsewhere.

>On 8/1/99 at 12:58 PM, mlemos <email protected> (Manuel Lemos) wrote:

>>
>> In pages that take passwords from forms, I usually try to encrypt the
>> passwords before submiting using md5() as long as the user's browser is
>> Javascript enabled. This doesn't prevent an hacker with a sniffer to
>> intercept the data submitted in the form, but at least prevents him to know
>> what the password is in clear text.
>>
>> You may see an example of this using a PHP class that I wrote and you
>> may find at:
>>
>> http://phpclasses.UpperDesign.com/browse.html?package=1
>>
>> Regards,
>> Manuel Lemos
>>
>> Web Programming Components using PHP Classes.
>> Look at: email protected>?subject=Re:%20[PHP3]%202%20way%20encrypt/decrypt%20function%20in%20PHP3?&replyto=2771.883T735T13554192mlemos <email protected>">mlemos <email protected>">http://phpclasses.UpperDesign.com/?user=mlemos <email protected>
>> --
>> E-mail: mlemos <email protected>
>> URL: http://www.mlemos.e-na.net/
>> PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp
>> --
>>
>>
>> --
>> PHP 3 Mailing List <http://www.php.net/>
>> To unsubscribe, send an empty message to php3-unsubscribe <email protected>
>> To subscribe to the digest, e-mail: php3-digest-subscribe <email protected>
>> To search the mailing list archive, go to:
>> http://www.php.net/mailsearch.php3 To contact the list administrators,
>> e-mail: php-list-admin <email protected>
>>

>--
>PHP 3 Mailing List <http://www.php.net/>
>To unsubscribe, send an empty message to php3-unsubscribe <email protected>
>To subscribe to the digest, e-mail: php3-digest-subscribe <email protected>
>To search the mailing list archive, go to: http://www.php.net/mailsearch.php3
>To contact the list administrators, e-mail: php-list-admin <email protected>

Regards,
Manuel Lemos

Web Programming Components using PHP Classes.
Look at: email protected>?subject=Re:%20[PHP3]%202%20way%20encrypt/decrypt%20function%20in%20PHP3?&replyto=2771.883T735T13554192mlemos <email protected>">mlemos <email protected>">http://phpclasses.UpperDesign.com/?user=mlemos <email protected> 

--
E-mail: mlemos <email protected>
URL: http://www.mlemos.e-na.net/
PGP key: http://www.mlemos.e-na.net/ManuelLemos.pgp
--

-- 
PHP 3 Mailing List <http://www.php.net/>
To unsubscribe, send an empty message to php3-unsubscribe <email protected>
To subscribe to the digest, e-mail: php3-digest-subscribe <email protected>
To search the mailing list archive, go to: http://www.php.net/mailsearch.php3
To contact the list administrators, e-mail: php-list-admin <email protected>