Timeline for Challenging challenge: client-side password hashing and server-side password verification
Current License: CC BY-SA 3.0
13 events

| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Jun 5, 2014 at 13:41 | comment | added | simbo1905 | You didn't mention on your question what serverside language you are using but you mentioned PHP in a comment below. There is now an excellent php+js demo of SRP by Ruslan Zavacky over on github at github.com/RuslanZavacky/srp-6a-demo | |
| Nov 2, 2012 at 19:50 | answer | added | More than one round of PBKDF2 | timeline score: 1 | |
| Jul 20, 2012 at 21:15 | vote | accept | Jason Smith | ||
| Jul 16, 2012 at 9:12 | history | edited | Jason Smith | CC BY-SA 3.0 | added 302 characters in body |
| Jul 15, 2012 at 23:06 | answer | added | D.W. | timeline score: 11 | |
| Jul 14, 2012 at 20:07 | answer | added | rook | timeline score: 4 | |
| Jul 12, 2012 at 20:16 | answer | added | broadway | timeline score: 6 | |
| Jul 12, 2012 at 19:35 | history | tweeted | twitter.com/#!/StackSecurity/status/223500863484862464 | ||
| Jul 12, 2012 at 18:12 | history | edited | Jason Smith | CC BY-SA 3.0 | Slightly changed wording to improve clarity |
| Jul 12, 2012 at 18:03 | history | edited | Jason Smith | CC BY-SA 3.0 | Corrected spelling of eavesdropper |
| Jul 12, 2012 at 14:57 | history | edited | Gilles 'SO- stop being evil' | CC BY-SA 3.0 | more expressive title |
| Jul 12, 2012 at 13:38 | comment | added | symcbean | When I implemented something similar before I used hash(hash(username, password), session_id) - which avoids some of the complexity in your solution - the username is effectively a salt for the password hash - and this value is stored serverside, and the session id is already available at the client - although using a value independent of the session id might be an idea if you restrict javascript access to the session cookie. | |
| Jul 12, 2012 at 13:28 | history | asked | Jason Smith | CC BY-SA 3.0 |