| ||Ask HN: Is this pseudocode client side login algorithm secure?|
2 points by alhenaadams on Oct 6, 2012 | hide | past | web | favorite | 6 comments |
|on new user login:
1)generate a random assignment of prime numbers to permissable characters for a new username/password entry and save it as tempTransform.json, save a copy to rawTransforms.json
2)translate username and password to integers using this list, then add them together and save the resulting integer in userHashes.html
3)add the username, password, and userHash and use the sum to encrypt tempTransform.json, then save it as userHashTransform.json;
4)on subsequent user login, take entered username and passwords add them together using all available rawTransforms looking for userHashTransform collisions. decrypt with sum if username, password, and user hash. if alphabets match, authenticate user.|
essentially you create a huge solution space problem only the right username/password combo can solve in reasonable time.
i bet that samsonite, I'm way off, but please tell me how to protect user data with a client side only js/css3/html5/bootstrap site? I want an open source drop in js login script we can all verifiably agree is secure so this doesn't happen to me.
| Apply to YC