Web Authentication

    When requesting authentication (the client requests the login / password entry page), the server generates a pseudo-random number, which it stores in the database, and also passes to the client. This number is the login session identifier and its lifetime is limited, for example, to 5 minutes. During this time, the client must have time to authenticate with the system. Based on the password entered by the client and the received pseudo-random number by means of Java Script, a hash is generated that is sent to the server along with the identifier and user login. The server searches for the identifier in the database, if it is successful, the password is retrieved from the database by login and the hash function is calculated from the password and identifier (the same pseudo-random number). If the hashes match, the login is successful. The identifier from the database is deleted.

    Implementation of MD4, MD5, SHA-1 in Java Script

    Also popular now: