[Twisted-Python] PB and hashed passwords
golux at comcast.net
Fri Apr 23 02:25:25 EDT 2004
Stephen Waterbury wrote:
> The point of storing it on the server side as an md5 hash
> is that even if someone breaks in and steals the md5 hash
> of the passwd, they can't reverse the hash to get the
> cleartext passwd, and so they can't get in (since the
> checker checks the cleartext passwd [which came in over
> an encrypted channel] against the md5 hash).
The bottom line: md5 hashes are not a substitute
for an encrypted channel (e.g. SSL); they are only
useful for encrypted storage and digital signatures.
(At least that's my understanding. :)
More information about the Twisted-Python