Posted: Sun Jun 12, 2005 9:43 am
so all cookies hash passwords using md5?
Can I verify this by looking at the cookie and if I don't see the password in plain text, then it is probably hashed or not present?
So I would assume this is relatively secure since it would be hard to get the ascii password from the hash (if for example someone captured the packet with the cookie). So the password itself would not be compromised. However, couldn't that person use the hash value to create their own cookie and login to the site as you?
Sorry if it was a stupid question. I know how to google search but I looked around and mostly found general information about cookies and privacy, not specific information about cookies and security..
I hope I can "stay out of trouble" in the future...
Can I verify this by looking at the cookie and if I don't see the password in plain text, then it is probably hashed or not present?
So I would assume this is relatively secure since it would be hard to get the ascii password from the hash (if for example someone captured the packet with the cookie). So the password itself would not be compromised. However, couldn't that person use the hash value to create their own cookie and login to the site as you?
Sorry if it was a stupid question. I know how to google search but I looked around and mostly found general information about cookies and privacy, not specific information about cookies and security..
I hope I can "stay out of trouble" in the future...