Send password over TCP connection

Paul Rubin http
Tue Oct 11 00:13:14 CEST 2005


"dcrespo" <dcrespo at gmail.com> writes:
> 3. Both Client and Server creates a hash string from
> <password+random_alphanumeric_string>
> 4. Client sends the hash string to the server
> 5. Server compares his hash result with the hash string received from
> de client.
> 
> I think it is a very good solution, Isn't it?

No. It's vulnerable to dictionary search.  Use SRP if you can.



More information about the Python-list mailing list