[JDEV] Security
Max Horn
max at quendi.de
Fri Apr 7 16:30:04 CDT 2000
>The key to sending digests is that the md5 sum is calculated based
>off a one-time session key assigned by the server. So, when the
>client connects to a server, a one-time session seed (i.e. random
>number) is sent to the client. The client uses this seed and the
>plaintext password as input into the md5 summation. Hence, the md5
>sum sent to the server is secure against replay attacks since it is
>calculated on a one-time basis.
>
How do I obtain the session key? I.e. how can I ask the server for it?
Sorry, but I couldn't find this in the docs.
Oh, and how exactly do I concat the password and the session key to
calc the checksum? First password, then key, or vice versa?
Bye,
Max
--
-----------------------------------------------------------
Max "The Black Fingolfin" Horn
<mailto:max at quendi.de>
<http://www.quendi.de> - please use my guestbook!
-----------------------------------------------------------
Your mouse has moved. Windows NT must be restarted for the
change to take effect. Reboot now? [ OK ]
More information about the JDev
mailing list