md5 steps

Posted on 2004-11-03
Last Modified: 2008-01-09
I would like to know how to implement this algorithm in ASP.
I want to use it in a login page.
I have some doubts...
Should I apply the MD5 function in JavaScript before sending the password and then compare the hash? I also saw on some pages that some people use a random number...
Which would be the best "steps" to follow? I would like it if someone could detail the steps for me, including when a user registers for the first time and also when a user logs in.
Thank you so much :)
Question by: DeLaVegaz
    LVL 5

    Accepted Solution

    Generally, on registration I generate a random secure password for the user, and store this as an MD5 hash in the database for security. This is emailed to the registered email address to authenticate they are who they say they are etc.

    I use this library:

    To generate the hash.

    When a user logs in I have them log in with their actual password and submit this to the server in plain text (i.e. no JavaScript MD5); this is then hashed with the above library to compare to their login to check authentication. Where security is a concern, the login is done over SSL.

    Random number/text string images etc. confirmation is frequently used on signup screens to prevent automated registration by user list spam robots (who sign up hundreds of AAAAAHOTSEX style accounts in user directories at popular sites like Yahoo Groups and so on). I've never worked on a site where this has been an issue.
    LVL 10

    Assisted Solution

    Remember - the idea of MD5 is to *hide* the password... not to stop people logging in as other users.

    If you are dealing with money or sensitive data - use an HTTPS (SSL) connection. If you make JavaScript do the work and then submit... this MD5 string can still be seen by 'hackers' and used to log in as that user.

    The idea of MD5 is useful for cookies. You can save user ID and md5 password in the cookie to authenticate users. However, other users on this machine cannot open the cookies folder, your site's cookie and simply read this user's password - they would just be presented with an md5 string.

    A good way of encrypting is to send a checksum from the server. When the page is loaded - create an ASP session and add a random 10 digit string to your session. The JavaScript would add this string to the user's password BEFORE MD5 hashing it and sending it back to the server.

    You would then take this string, append it to the end of the user's password in your database, MD5 hash it and test the two strings. This means the MD5 hash sent is unique each time yet still contains the data you need.
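
The challenge-response login described in the last answer, as an added example that is not part of the original thread or any poster's code. The function names, the in-memory `sessions` and `users` maps and the sample account are assumptions standing in for the ASP session and database, and the server side is written in Node.js rather than ASP so both sides run in one file.

```javascript
const crypto = require("crypto");

// MD5 appears here only because it is the hash the thread discusses.
function md5Hex(text) {
  return crypto.createHash("md5").update(text, "utf8").digest("hex");
}

// Stand-ins for the ASP session store and the user table (constructed data).
const sessions = new Map(); // sessionId -> pending challenge
const users = new Map([["alice", "correct horse"]]); // the scheme needs the stored password itself

// Server, on page load: put a random 10 digit string in the session.
function issueChallenge(sessionId) {
  let challenge = "";
  for (let i = 0; i < 10; i++) challenge += crypto.randomInt(0, 10);
  sessions.set(sessionId, challenge);
  return challenge;
}

// Client: append the challenge to the typed password, then hash.
function clientResponse(password, challenge) {
  return md5Hex(password + challenge);
}

// Server, on submit: recompute from the stored password and compare.
function verifyLogin(sessionId, username, response) {
  const challenge = sessions.get(sessionId);
  sessions.delete(sessionId); // single use: a replayed response finds no challenge
  const stored = users.get(username);
  if (challenge === undefined || stored === undefined) return false;
  const expected = Buffer.from(md5Hex(stored + challenge), "hex");
  const got = Buffer.from(String(response), "hex");
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// Walk through one login, then replay the captured response twice.
function demo() {
  const c1 = issueChallenge("s1");
  const r1 = clientResponse("correct horse", c1);
  const first = verifyLogin("s1", "alice", r1);
  const replaySame = verifyLogin("s1", "alice", r1); // challenge already consumed
  let c2;
  do { c2 = issueChallenge("s1"); } while (c2 === c1);
  const replayNew = verifyLogin("s1", "alice", r1); // hash was bound to c1, not c2
  return { first, replaySame, replayNew };
}

console.log(demo());
```

Deleting the challenge on first use is what makes a captured response fail on replay. The scheme still depends on the server holding the same secret the client hashes.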
