Comments on: Safe web authentication http://blog.affien.com/archives/2005/05/16/safe-web-authentication/ A few thoughts Sun, 31 May 2009 12:07:29 +0000 http://wordpress.org/?v=2.8 hourly 1 By: Bas Westerbaan http://blog.affien.com/archives/2005/05/16/safe-web-authentication/comment-page-1/#comment-662 Bas Westerbaan Wed, 18 May 2005 05:37:51 +0000 http://blog.w-nz.com/archives/2005/05/16/safe-web-authentication/#comment-662 The salt would offcourse be random, and it would be quite safe when it would be a very big random string (~32 bytes). Which makes it virtualy inthinkable the same 2 salts are used ever, which makes the chance of a certain hash still being hijacked and used with the same salt neglectable. The salt would offcourse be random, and it would be quite safe when it would be a very big random string (~32 bytes). Which makes it virtualy inthinkable the same 2 salts are used ever, which makes the chance of a certain hash still being hijacked and used with the same salt neglectable.

]]> By: Michael Scott http://blog.affien.com/archives/2005/05/16/safe-web-authentication/comment-page-1/#comment-661 Michael Scott Wed, 18 May 2005 01:52:02 +0000 http://blog.w-nz.com/archives/2005/05/16/safe-web-authentication/#comment-661 An interesting idea, It would indeed make it harder for the application to be hijacked, it would need to be a random salt produced each time however - which would mean the initiating of a session class of some sort just for the login. I can see some very practical uses for this method... Perhaps you could create the salt based on a few "magic" ingredients (Time, date, IP etc). An interesting idea,

It would indeed make it harder for the application to be hijacked, it would need to be a random salt produced each time however – which would mean the initiating of a session class of some sort just for the login.

I can see some very practical uses for this method… Perhaps you could create the salt based on a few “magic” ingredients (Time, date, IP etc).

]]>