Highly Secure Authentication (Update)
(Because of an error at PSC I had to re-upload this article :-S) This method authenticates users by letting them enter their email address and password. This method is highly secure due to its use of the MD5 algorithm to send the password in hashed form. The security provided is better than the basic authentication featured in most browsers, and the method can be used in combination with HTTPS.
Source Code
<H2>Secure User Authentication</H2>
<b>The present</b><br>
Many websites use basic authentication with .htaccess files, or simple web forms combined with cookies, to authenticate their users. Only a few of them use an HTTPS server to send the data. Someone sniffing packets on the network can easily capture the passwords and use them to gain access to the accounts.<br><br>
<b>The solution</b><br>
The solution is to create a 'hash' of the password before sending it. Because we do not want this hash to be reusable, we add a 'seed'. This way, a different seed is used each time a user wants to log in. A seed is generated, e.g. 12345.67890. The seed is included in the page where the user is asked for his password. A copy of the seed is stored in the Session object on the server side. When the user submits the page, JavaScript on the page calculates the MD5 hash of the seed and the password: <br><br>hash = MD5(seed+password)<br><br>
The e-mail address and the hash are sent to the server. When the server receives this data, it reads the password for the entered email address from the database, and calculates the hash using the seed which is stored in the Session object. Both hashes are compared, and if they match, the user is granted access to the site. I believe that this method is *much* safer than the .htaccess method, and that it is strong enough to operate without SSL. However, it can also be used in combination with SSL to increase security.<br><br>
<b>Credits</b> The JavaScript implementation of MD5 is written by Henri Torgemane. The ASP implementation of MD5 is written by Frez Systems Limited. If you decide to use this method of authentication, please do not forget to give credit.<br><br>
<b>Legal notice</b> You may not redistribute this code as a 'sample' or 'demo'. However, you are free to use the source code in your own code, but you may not claim that you created the sample code. 
It is expressly forbidden to sell or profit from this source code other than by the knowledge gained or the enhanced value added by your own code.
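The seed exchange described above, both sides in one file, as an added example that is not the article's own code. It assumes Node.js `crypto` in place of the credited MD5 implementations, in-memory maps in place of the Session object and the database, a random hex seed instead of the article's numeric one, and hypothetical function names and sample data.

```javascript
// Added example: names and data below are constructed for illustration.
const crypto = require('crypto');

const users = new Map([['alice@example.com', 'correct horse']]); // stands in for the database
const sessions = new Map(); // stands in for the server-side Session object

const md5Hex = (text) => crypto.createHash('md5').update(text, 'utf8').digest('hex');

// Server: generate a fresh seed for the login page and remember it in the session.
function issueSeed(sessionId) {
  const seed = crypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, seed);
  return seed;
}

// Client (the login page's script): hash = MD5(seed + password).
function clientHash(seed, password) {
  return md5Hex(seed + password);
}

// Server: recompute the hash from the stored password and the session's seed.
function verifyLogin(sessionId, email, hash) {
  const seed = sessions.get(sessionId);
  sessions.delete(sessionId); // single use: a captured hash must not verify twice
  const password = users.get(email);
  if (seed === undefined || password === undefined) return false;
  const expected = Buffer.from(md5Hex(seed + password), 'hex');
  const received = Buffer.from(String(hash), 'hex');
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}

// One valid login, a replay of the same values, a stale hash, and a wrong password.
function demo() {
  const seed = issueSeed('sess-1');
  const hash = clientHash(seed, 'correct horse');
  const first = verifyLogin('sess-1', 'alice@example.com', hash);
  const replay = verifyLogin('sess-1', 'alice@example.com', hash); // seed already consumed
  const seed2 = issueSeed('sess-1');
  const staleHash = verifyLogin('sess-1', 'alice@example.com', hash); // old hash, new seed
  const wrong = verifyLogin('sess-1', 'alice@example.com', clientHash(issueSeed('sess-1'), 'guess'));
  return { first, replay, staleHash, wrong, seedsDiffer: seed !== seed2 };
}

console.log(demo());
```

The check depends on the server deleting the seed after one attempt and on the database holding the password itself, since the server has to recompute MD5(seed+password).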
Recovered from Wayback Machine