[Project_owners] Protecting a Shared Secret

Brian King brian at mozdev.org
Thu May 25 15:03:43 EDT 2006


Jippen wrote:
> Why not use a one-way hash of the secret? Say, md5 and salt the thing,
> then compare it with a hash stored on the machine. If it is good, send
> out the hash to the server, who does the same thing.

Well, for one thing, the API is 3rd party so we have no control of the 
server code.

-- 
Brian King
www.mozdev.org - free project hosting for the Mozilla community


More information about the Project_owners mailing list