[Project_owners] Protecting a Shared Secret

Brian King brian at mozdev.org
Thu May 25 15:03:43 EDT 2006

Jippen wrote:
> Why not use a one-way hash of the secret? Say, md5 and salt the thing,
> then compare it with a hash stored on the machine. If it is good, send
> out the hash to the server, who does the same thing.

Well, for one thing, the API is 3rd party so we have no control of the 
server code.

Brian King
www.mozdev.org - free project hosting for the Mozilla community

More information about the Project_owners mailing list