[JDEV] Security

Max Horn max at quendi.de
Fri Apr 7 16:30:04 CDT 2000

>The key to sending digests is that the md5 sum is calculated based 
>off a one-time session key assigned by the server. So, when the 
>client connects to a server, a one-time session seed (i.e. random 
>number) is sent to the client. The client uses this seed and the 
>plaintext password as input into the md5 summation. Hence, the md5 
>sum sent to the server is secure against replay attacks since it is 
>calculated on a one-time basis.

How do I obtain the session key? I.e. how can I ask the server for it?
Sorry, but I couldn't find this in the docs.

Oh, and how exactly do I concat the password and the session key to 
calc the checksum? First password, then key, or vice versa?


Max "The Black Fingolfin" Horn
<mailto:max at quendi.de>
<http://www.quendi.de> - please use my guestbook!
Your mouse has moved. Windows NT must be restarted for the
change to take effect. Reboot now? [ OK ]

More information about the JDev mailing list