MD5 + Challenge/Response

I just update the login page to use challenge and response password authentication to make it more secure. It should be highly secure now.

Bascially it works like this. When you go to the login page it generates a random string. When you submit your username and password it md5s your password, concatenates the long string to it, and then md5s it again. The final result is sent to the server where the same is done to the password in the database. If they match then you are logged in. Otherwise you are not. All that and the passwords in the database are still MD5 so they're secure.
Leave A Reply
All content licensed under the Creative Commons License