Solved

md5 steps

Posted on 2004-11-03
Last Modified: 2008-01-09
I would like to know how to implement this algorithm in ASP.
I want to use it in a login page.
I have some doubts...
Should I apply the md5 function in JavaScript before sending the password and then compare the hash? I also saw in some pages that some people use a random number...
Which would be the best "steps" to follow? I would like someone to detail the steps for me, including when a user registers for the first time and also when a user logs in.
Thank you so much :)
0
Question by:DeLaVegaz
2 Comments
 

Accepted Solution

by:
eyeh8u earned 150 total points
ID: 12490812
Generally, on registration I generate a random secure password for the user, and store this as an MD5 hash in the database for security. This is emailed to the registered email address to authenticate they are who they say they are etc.

I use this library: http://www.freevbcode.com/ShowCode.Asp?ID=2366

To generate the hash.

When a user logs in I have them log in with their actual password and submit this to the server in plain text (i.e. no JavaScript MD5), this is then hashed with the above library to compare to their login to check authentication. Where security is a concern, the login is done over SSL.

Random number/text string images etc. confirmation is frequently used on signup screens to prevent automated registration by user list spam robots (who sign up hundreds of AAAAAHOTSEX style accounts in user directories at popular sites like yahoo groups and so on). I've never worked on a site where this has been an issue.
0
 

Assisted Solution

by:thefritterfatboy
thefritterfatboy earned 150 total points
ID: 12492760
Remember - the idea of MD5 is to *hide* the password... not to stop people logging in as other users.

If you are dealing with money or sensitive data - use an https (SSL) connection. If you make JavaScript do the work and then submit... this MD5 string can still be seen by 'hackers' and used to log in as that user.

The idea of MD5 is useful for cookies. You can save user ID and md5 password in the cookie to authenticate users. However, other users on this machine cannot open the cookies folder, your site's cookie and simply read this user's password - they would just be presented with an md5 string.

A good way of encrypting is to send a checksum from the server. When the page is loaded - create an ASP session and add a random 10 digit string to your session. The JavaScript would add this string to the user's password BEFORE md5 hashing it and sending it back to the server.

You would then take this string, append it to the end of the user's password in your database, MD5 hash it and test the two strings. This means the MD5 hash sent is unique each time yet still contains the data you need.
0
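
The random-string exchange described in the answer above, as an added example that is not part of the original post or either answerer's code. It runs both sides in Node.js; the user table, session map and function names are assumptions made for illustration, and the server is assumed to hold the same value the client hashes, as the answer describes.

```javascript
// Added example (Node.js), not code from the thread.
const nodeCrypto = require('crypto');

// MD5 is used only because it is the hash the thread discusses.
const md5 = (s) => nodeCrypto.createHash('md5').update(s, 'utf8').digest('hex');

// Constructed sample data. The scheme requires the server to hold the exact
// value the client hashes, so this table stores the password itself.
const users = new Map([['alice', 'correct horse']]);
// Stand-in for the ASP Session object: sessionId -> outstanding random string.
const sessions = new Map();

// Server, on page load: create a random 10 digit string and keep it in the session.
function issueChallenge(sessionId) {
  let nonce = '';
  for (let i = 0; i < 10; i++) nonce += nodeCrypto.randomInt(0, 10);
  sessions.set(sessionId, nonce);
  return nonce;
}

// Client (browser JavaScript in the thread): append the string to the
// password BEFORE hashing, then submit only the hash.
function clientResponse(password, nonce) {
  return md5(password + nonce);
}

// Server, on submit: recompute from the stored value and compare.
function verifyLogin(sessionId, username, response) {
  const nonce = sessions.get(sessionId);
  sessions.delete(sessionId); // single use: a captured hash cannot be replayed
  const stored = users.get(username);
  if (nonce === undefined || stored === undefined) return false;
  const expected = Buffer.from(md5(stored + nonce), 'hex');
  const got = Buffer.from(String(response), 'hex');
  // Length check first: timingSafeEqual throws on unequal lengths.
  return got.length === expected.length &&
    nodeCrypto.timingSafeEqual(expected, got);
}
```

Deleting the random string on first use is what makes a sniffed hash worthless for a second login. The value in the user table remains password-equivalent, so the exchange complements the SSL advice in both answers rather than replacing it.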
