Posted by stjames on August 18, 2003, at 19:46:52
In reply to Re: Posting in public places and cookies, posted by Dr. Bob on August 18, 2003, at 5:00:30
> > The storing of passwds as cookies is used everywhere and is a real bad idea.
>
> Well, at least it's encrypted to some extent?

It would not fly by HIPAA, is weak and simple to break. Double pass encryption would be better. Take the clear text passwd, crypt it, then use the cypher text (encrypted passwd) as the key to encrypt itself. For now, this beats brute force methods. Try not to use the oldest encryption methods, like md5, DES, & 3DES. It is getting possible to actually break these without brute force. Blowfish is my choice for encryption. Perl has modules for Blowfish. So, no, it is in no way OK. Is putting the house key under the front door mat OK for you? Would you do this?

> You don't have to keep your cookies turned on, you know. Not to use this site, anyway...
>
> Bob

You know or should know that a) few users here do understand all this b) few know when a cookie is set c) or even know how to control this d) or that users have a clue how to control if cookies are used.
It is also very hard to surf and have pages function well without cookies, so most are forced to allow them.
I suggest a check box, "remember my password", with a short discussion of the dangers of this.
"Checking this box means your password will be stored on your computer, encrypted, as a cookie. If others have access to your computer it is possible to get your real password for this cookie. Consider not saving your password if you post from a computer that is not your own" (or some such wording).
poster:stjames
thread:251317
URL: http://www.dr-bob.org/babble/admin/20030808/msgs/251961.html