Topic: Secure login hack
InvalidResponse
avatar
Professional
Professional
Posts: 2423

Posted:
12.Mar 2006 - 09:57

I stumbled on a javascript implementation of the MD5 algorithm and hacked it into the system.. it allows for passwords to be encrypted "before" the form is submitted.. it also uses a truncated hash to prevent the potential for a replay compromise (logging in with the encrypted password).

Demo

Download

note: this is a hack. core files were slightly modified. backup your files before installing and use at your own risk. requires PostNuke version .762

bye now,
-IR
[edit: bad link]

--
http://www.invalidresponse.com
Slugger
avatar
Professional
Professional
Posts: 1185

Posted:
13.Mar 2006 - 22:00

Or is that..."buy now". icon_lol

Sluggo
InvalidResponse
avatar
Professional
Professional
Posts: 2423

Posted:
14.Mar 2006 - 00:02

Slugger

Or is that..."buy now". icon_lol

silly slugg-o :D .. it's a thankless "job".. and I'm privileged to do it.

--
http://www.invalidresponse.com
InvalidResponse
avatar
Professional
Professional
Posts: 2423

Posted:
14.Mar 2006 - 01:34

..just to avoid any confusion the above comment may cause.. there's no "fee".. it's a free download.

--
http://www.invalidresponse.com
TakeIT2
avatar
Softmore
Softmore
Posts: 68

Posted:
27.Jun 2008 - 16:42

Has any of this been implemented for Zikula?