23 Jun 2011 12:57 PM #11
Difference with sha256sum result
Are you sure your sha256 function behaves ok? Because it gives me very different values from sha256sum (a Linux command)
For the string "123"
Your function: a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3
echo 123 | sha256sum: 181210f8f9c779c26da1d9b2075bde0127302ee0e3fca38c9a83f5b1dd8e5d3b
24 Jun 2011 7:52 AM #12
I see no reasons to send a hash of a password instead of the password itself. When your packets are intercepted the attacker will receive the hash instead of password. But that means the attacker will generate the same ajax request from him computer and send it to the server, because instead of comparing passwords your server compares hashes.
Just use https and don't simulate the security.
26 Jun 2011 11:58 PM #13
echo -n 123 | sha256sum
* = Only "quite secure" because sophisticated man-in-the-middle attacks are still possible.Daniel Jagszent
dɐɳiel@ʝɐgszeɳt.de <- convert to plain ASCII to get my email address
27 Jan 2013 12:54 AM #14
How can this be implemented in sencha touch 2.1