Tweet
Remember me
At the log on box, how does "remember me" work?
Maybe I knew once, but I think I forgot!
Maybe I knew once, but I think I forgot!
-
Larry R. Rogers
The Samurai Wood Butcher
http://splash54.multiply.com
http://community.webshots.com/user/splash54 -
It appears to save it in hashed form (probably MD5) in a permanent cookie on your machine.
If you're looking to get rid of it, you should be able to get rid of the "remember me" by logging out or deleting the cookie in question.
More than you really wanted to know:
The nice things about hashes, is that you can verify that a bit of text (i.e., a password) was used to generate the hash, but there's no way to re-generate the bit of text FROM the hash, except the hard way (brute force or a dictionary attack). It's a nice tool to use for data validation.
There may be a little bit more to it than that -- there may be additional data than just your password that's been hashed. That would be used as a security measure so no one would be able to do a brute force or dictionary attack against your cookie to guess your password, because they don't know what the additional data is so a dictionary attack would be impossible. The only option would be a brute force attack, and that's really expensive processing wise (time).
JeffLast edited by jbalders; 02-18-2006, 04:28 PM.Jeff
BOFH excuse #360: Your parity check is overdrawn and you're out of cache.
Comment