tags:

views:

51

answers:

2
+2  Q: 

Server authorization with MD5 and SQL.

I currently have a SQL database of passwords stored in MD5. The server needs to generate a unique key, then sends to the client. In the client, it will use the key as a salt then hash together with the password and send back to the server.

The only problem is that the the SQL DB has the passwords in MD5 already. Therefore for this to work, I would have to MD5 the password client side, then MD5 it again with the salt. Am I doing this wrong, because it doesn't seem like a proper solution. Any information is appreciated.

+1  A: 

You should use SSL to encrypt the connection, then send the password over plain text from the client. The server will then md5 and compare with the md5 hash in the database to see if they are the same. If so auth = success.

MD5'ing the password on the client buys you nothing because a hacker with the md5 password can get in just as easy as if it was in plain text.

Byron Whitlock  2010-04-01 23:57:47
The question isn't about *MD5'ing the password on the client to increases security*. That's clearly pointless. It seems the poster wants to use a [Cryptographic nonce](http://en.wikipedia.org/wiki/Cryptographic_nonce) to implement secure authentication. The problem is that would normally requires both the user and the server to know the password. So the question really is *since the server already only store password hashes would hashing the password on the client make it possible to use a nonce?* But then I have to agree using SSL in much simpler and secure.
Alexandre Jasmin  2010-04-02 15:20:19
A: 

It is not completely clear to me what are you asking, but python hashlib (read the FAQ) and wikipedia should get you to where ever you are going.

For real world example in python check django authentication (the source).

Unreason  2010-04-02 00:01:02

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL