WordPress PassWord Security

There’s more to this than I can say; I’m really not up to speed on this issue. But this post raises some of the most important points.

Paj’s Home: Cryptography: JavaScript MD5: Login System (see also CHAP Secure Login):

“The core of the login system is a “challenge response” exchange. The server generates a random number – the challenge – and sends this to the client. The client performs a hash operation including both the challenge and the password, and returns the result to the server. The server checks this against its own calculation. During this exchange, the password is never transmitted as plaintext. Replay attacks are prevented because the challenge is different every time.”

Also of interest: technosailor’s WordPress FAQ series


No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: