- From: Matthew Raymond <mattraymond@earthlink.net>
- Date: Wed, 16 Jan 2008 06:51:42 -0500
- To: Alexander Mueller <alexm@gmx.at>
- CC: Maciej Stachowiak <mjs@apple.com>, public-html@w3.org
Alexander Mueller wrote:
> Thats the point, the server is sending the replay salt but as it is always different it is not "replayable".
The trouble is that you're sending a hash, not the password, and you
can't get a password from a hash because the hash is not an encrypted
version of the password, but merely a semi-unique number generated from
the password. Thus, the server would have to know the password in
advance for the one-time hash solution to work. If that's the case, then
an attacker need only capture the password when you first create your
account and it's game over.
Yes, you can theoretically create a random password and send it by
email, but that still leaves two problems. First, the user may not
remember the random password. Second, if someone is monitoring your web
traffic, how hard can it be to read your email? Encrypt the email? Might
as well just do encryption from the start and avoid such a complex solution.
What we need is a better encryption solution, not a better hash
solution, especially if we're sending one-time sensitive data like
credit card numbers and the like.
Received on Wednesday, 16 January 2008 11:52:18 UTC