[wp-hackers] Client side password encryption

[Andrew Ferguson]

Have you ever tried using this plugin:

http://www.redsend.org/chapsecurelogin/

It's based on the Challenge-Handshake Authentication Protocol (CHAP) and it
seems to work pretty well. It might at least be a starting point for what
you're trying to do.

-Andrew
http://AndrewFerguson.net


On Sun, Mar 16, 2008 at 7:31 PM, Viper007Bond <viper at viper007bond.com>
wrote:

> No no, I think the salt and all that stuff is a good idea. I don't want to
> mess with it or the database.
>
> I'm just trying to figure out a way to not send the password in plain
> text.
> MD5'ing it + a separate salt worked well with 2.3.x, but it's proving to
> be
> trouble in 2.5.
>
> On Sun, Mar 16, 2008 at 11:04 AM, James Davis <james at freecharity.org.uk>
> wrote:
>
> >
> > On 16 Mar 2008, at 09:27, Viper007Bond wrote:
> >
> > > Is it even possible? I can't think of a way to take the MD5 of the
> > > password
> > > and use it to check the password due to the salting. I can't MD5 the
> > > original password and compare it to the submitted hash as the original
> > > obviously isn't stored anywhere.
> >
> > I think (I'm away from home and unable to check precisely) that when
> > I coded the new password functions things were left pluggable in the
> > right places to allow you to use a different hashing algorithm. If
> > you really wanted to use this plugin, you might be able to write
> > another plugin that reinstates plain MD5 passwords. Please let me
> > know if this isn't the case. :-)
> >
> > James
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
>
>
> --
> Viper007Bond | http://www.viper007bond.com/ | http://www.finalgear.com/
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>