Send password over TCP connection
Paul Rubin
http
Mon Oct 10 18:13:14 EDT 2005
"dcrespo" <dcrespo at gmail.com> writes:
> 3. Both Client and Server creates a hash string from
> <password+random_alphanumeric_string>
> 4. Client sends the hash string to the server
> 5. Server compares his hash result with the hash string received from
> de client.
>
> I think it is a very good solution, Isn't it?
No. It's vulnerable to dictionary search. Use SRP if you can.
More information about the Python-list
mailing list