Highly Secure Authentication (Update)

Submitted on: 1/6/2015 1:42:00 AM
By: Robin Schuil (from psc cd)  
Level: Advanced
User Rating: By 11 Users
Compatibility: ASP (Active Server Pages), HTML, VbScript (browser/client side)
Views: 2441
(Because of an error at PSC I had to re-upload this article :-S) This method can be used to authenticate users by letting them enter their email address and password. This method is highly secure due to its use of the MD5 algorithm to send the password hashed. The security provided is better than the basic authentication featured in most browsers, and it can be used in combination with HTTPS.

This article has accompanying files

Secure User Authentication

The present
Many websites use basic authentication with .htaccess files, or simple web forms combined with cookies, to authenticate their users. Just a few of them use an HTTPS server to send the data. Someone sniffing packets on the network can easily capture the passwords and use them to gain access to the accounts.

The solution
The solution is to create a 'hash' of the password before sending it. Because we do not want this hash to be reusable, we add a 'seed'. This way a different seed, and so a different hash, is used each time a user wants to log in. A seed is generated, e.g. 12345.67890, and included in the page where the user is asked for his password. A copy of the seed is stored in the Session object on the server side. When the user submits the page, a JavaScript routine calculates the MD5 hash of the seed and the password:

hash = MD5(seed+password)

The e-mail address and the hash are sent to the server. When the server receives this data, it reads the password for the entered e-mail address from the database and calculates the hash using the seed stored in the Session object. Both hashes are compared, and if they match, the user is granted access to the site. I believe that this method is *much* safer than the .htaccess method, and that it is strong enough to operate without SSL. However, it can also be used in combination with SSL to increase security.
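The exchange described above, sketched as an added example in JavaScript for Node.js; it is not the code from the accompanying .zip. The function names, the in-memory `users` and `sessions` maps (standing in for the database and the ASP Session object), the sample account and the random hex seed are assumptions made for illustration.

```javascript
// Added example: both sides of the seed/hash login exchange in one file.
const crypto = require('crypto');

const md5 = (s) => crypto.createHash('md5').update(s, 'utf8').digest('hex');

// Constructed sample data standing in for the user database.
const users = new Map([['alice@example.test', 'correct horse']]);
// Stands in for the server-side Session object, keyed by session id.
const sessions = new Map();

// Server: generate a fresh seed for the login page and remember it.
function issueSeed(sessionId) {
  const seed = crypto.randomBytes(16).toString('hex'); // assumption: random hex seed
  sessions.set(sessionId, { seed });
  return seed;
}

// Client: what the page's script computes before the form is submitted.
function clientResponse(seed, password) {
  return md5(seed + password); // hash = MD5(seed+password)
}

// Server: recompute the hash from the stored password and the session seed.
function verifyLogin(sessionId, email, hash) {
  const session = sessions.get(sessionId);
  if (!session || !session.seed) return false; // no seed issued, or already used
  const seed = session.seed;
  delete session.seed; // a seed is valid for one attempt only
  const password = users.get(email);
  if (password === undefined) return false;
  const expected = Buffer.from(md5(seed + password), 'utf8');
  const received = Buffer.from(String(hash), 'utf8');
  return received.length === expected.length &&
    crypto.timingSafeEqual(received, expected); // constant-time comparison
}

// Walk through a login, a replay of the same hash, and a second login.
function demo() {
  const sid = 'session-1';
  const sent = clientResponse(issueSeed(sid), 'correct horse');
  const first = verifyLogin(sid, 'alice@example.test', sent);
  const replay = verifyLogin(sid, 'alice@example.test', sent); // same hash again
  const seed2 = issueSeed(sid);
  const differs = clientResponse(seed2, 'correct horse') !== sent;
  const wrong = verifyLogin(sid, 'alice@example.test', clientResponse(seed2, 'guess'));
  return { first, replay, differs, wrong };
}
```

Discarding the seed after one attempt is what makes a captured hash useless for a second login. The server can only recompute the hash because it reads the password itself from the database, as the text describes.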

Credits
The JavaScript implementation of MD5 is written by Henri Torgemane. The ASP implementation of MD5 is written by Frez Systems Limited. If you decide to use this method of authentication, please do not forget to give credit.

Legal notice
You may not redistribute this code as a 'sample' or 'demo'. However, you are free to use the source code in your own code, but you may not claim that you created the sample code. It is expressly forbidden to sell or profit from this source code other than by the knowledge gained or the enhanced value added by your own code.
