Remember me

This topic is closed.
  • Time
  • Show
Clear All
new posts
  • lrogers
    Veteran Member
    • Dec 2002
    • 3853
    • Mobile, AL. USA.
    • BT3000

    Remember me

    At the log on box, how does "remember me" work?
    Maybe I knew once, but I think I forgot!
    Larry R. Rogers
    The Samurai Wood Butcher
  • jbalders
    Established Member
    • Oct 2003
    • 298
    • Vienna, VA, USA.
    • BT3100 + Shopsmith

    It appears to save it in hashed form (probably MD5) in a permanent cookie on your machine.

    If you're looking to get rid of it, you should be able to get rid of the "remember me" by logging out or deleting the cookie in question.

    More than you really wanted to know:

    The nice things about hashes, is that you can verify that a bit of text (i.e., a password) was used to generate the hash, but there's no way to re-generate the bit of text FROM the hash, except the hard way (brute force or a dictionary attack). It's a nice tool to use for data validation.

    There may be a little bit more to it than that -- there may be additional data than just your password that's been hashed. That would be used as a security measure so no one would be able to do a brute force or dictionary attack against your cookie to guess your password, because they don't know what the additional data is so a dictionary attack would be impossible. The only option would be a brute force attack, and that's really expensive processing wise (time).

    Last edited by jbalders; 02-18-2006, 04:28 PM.

    BOFH excuse #360: Your parity check is overdrawn and you're out of cache.