Yahoo! and Login system


Problem description


[This is a bit off-topic. I'm posting here to get some sort of PHP
solution]

This is regarding secure login implementation in PHP. I'm trying to
understand <http://mail.yahoo.com/> If I understand right, they're
passing the md5 hash instead of the password itself. But, I couldn't
understand the use of "challenge" string in their mechanism. IIRC,
some time ago, I read somewhere that this kind of system is not secure
at all. Does anyone have any idea?

--
"I don't believe in the God who doesn't give me food, but shows me
heaven!"--Swami Vivekanandha
Email: rrjanbiah-at-Y!com

Solution

R. Rajesh Jeba Anbiah wrote:

[This is a bit off-topic. I'm posting here to get some sort of PHP
solution]

This is regarding secure login implementation in PHP. I'm trying to
understand <http://mail.yahoo.com/> If I understand right, they're
passing the md5 hash instead of the password itself. But, I couldn't
understand the use of "challenge" string in their mechanism. IIRC,
some time ago, I read somewhere that this kind of system is not secure
at all. Does anyone have any idea?



If you are speaking about HTTP header fields, this is part of the HTTP
standard. You may read the HTTP's RFC for further details.

<http://www.faqs.org/rfcs/rfc2616.html>

--
Guillaume Brocker


Guillaume Brocker <gu***************@ircad.u-strasbg.fr> wrote in message news:<40*********************@news.free.fr>...

R. Rajesh Jeba Anbiah wrote:

[This is a bit off-topic. I'm posting here to get some sort of PHP
solution]

This is regarding secure login implementation in PHP. I'm trying to
understand <http://mail.yahoo.com/> If I understand right, they're
passing the md5 hash instead of the password itself. But, I couldn't
understand the use of "challenge" string in their mechanism. IIRC,
some time ago, I read somewhere that this kind of system is not secure
at all. Does anyone have any idea?



If you are speaking about HTTP header fields, this is part of the HTTP
standard. You may read the HTTP's RFC for further details.

<http://www.faqs.org/rfcs/rfc2616.html>



Thanks for your reply. You might have misunderstood my post. My
question was about secure login implementation & how far Yahoo! is
secure with their system. They use md5 hash as well as "challenge"
string. (I couldn't understand the reason behind "challenge" string;
but I understand the md5 hash).

--
"I don't believe in the God who doesn't give me food, but shows me
heaven!"--Swami Vivekanandha
Email: rrjanbiah-at-Y!com



"R. Rajesh Jeba Anbiah" <ng**********@rediffmail.com> wrote in message
news:ab**************************@posting.google.com...

Thanks for your reply. You might have misunderstood my post. My
question was about secure login implementation & how far Yahoo! is
secure with their system. They use md5 hash as well as "challenge"
string. (I couldn't understand the reason behind "challenge" string;
but I understand the md5 hash).



The purpose of the challenge string is to make the md5 hash unique for every
login attempt. Otherwise, if the md5 hash is the same every time, then
someone who's intercepted the hash can just use the hash to log into the
system--in essence, the md5 hash has become the password.

HTTP's digest authentication is based on such a challenge/response mechanism,
so it's worthwhile to take a look at the RFC.
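
The replay argument in the last reply, as an added example that is not part of the original thread: a Node.js script (JavaScript because the client half of such a scheme runs in the browser) showing that a captured response is rejected once the server uses fresh single-use challenges, while a static hash is accepted again. The account store, the function names and the response formula `md5(md5(password) + challenge)` are assumptions for illustration, not Yahoo!'s actual implementation.

```javascript
// Added example, not code from the thread. Names, the in-memory store and the
// response formula md5(md5(password) + challenge) are assumptions.
const crypto = require('node:crypto');
const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Constructed account store: the server keeps md5(password), not the password.
const users = new Map([['alice', md5('correct horse')]]);
const pending = new Map(); // user -> outstanding challenge (single use)

// Server: issue a fresh, unpredictable challenge for each login attempt.
function issueChallenge(user) {
  const challenge = crypto.randomBytes(16).toString('hex');
  pending.set(user, challenge);
  return challenge;
}

// Client (browser script): only this value crosses the wire.
function clientResponse(password, challenge) {
  return md5(md5(password) + challenge);
}

// Server: verify against the outstanding challenge, then discard it.
function verifyLogin(user, response) {
  const challenge = pending.get(user);
  pending.delete(user); // one attempt per challenge, pass or fail
  const stored = users.get(user);
  if (!challenge || !stored) return false;
  const expected = Buffer.from(md5(stored + challenge), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// Static-hash login for comparison: the intercepted hash is the credential.
function verifyStaticHash(user, hash) {
  return users.get(user) === hash;
}

function demo() {
  const c1 = issueChallenge('alice');
  const captured = clientResponse('correct horse', c1); // what an eavesdropper sees
  const firstUse = verifyLogin('alice', captured); // legitimate login
  const replaySameChallenge = verifyLogin('alice', captured); // challenge consumed
  issueChallenge('alice'); // next attempt gets a new challenge
  const replayNewChallenge = verifyLogin('alice', captured);
  const staticReplay = verifyStaticHash('alice', md5('correct horse'));
  return { firstUse, replaySameChallenge, replayNewChallenge, staticReplay };
}
console.log(demo());
```

Because the server verifies with the stored `md5(password)`, that stored value is enough to answer any challenge and needs the same protection as a password. A captured challenge/response pair also still allows offline guessing of weak passwords, so the scheme does not substitute for TLS.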


