// client:
// Challenge-response login: the password itself is never sent; the client
// proves knowledge of sha1(password) by hashing it with a server-issued nonce.
var username = 'user input value';
var password = 'user input value';

// One-time challenge issued by the server.
// NOTE(review): getNonce is listed as returning [ status, nonce ]; this line
// assumes the transport hands back only the nonce -- confirm.
var nonce = server.getNonce();

// sha1(password) is the same value the server keeps in password_hashes, so
// that stored value is password-equivalent: it is all that is needed to answer
// a challenge. The server-side table therefore needs the same protection as
// plaintext passwords.
// SHA-1 is used here unsalted and with no work factor, so an observed
// (nonce, response) pair can be tested against password guesses offline;
// the exchange should only run over an encrypted channel.
var password_digest = sha1(password);
var password_nonce_hash = sha1(password_digest + nonce);

server.authenticate(username, nonce, password_nonce_hash);
// server:
// Verifier table: username -> sha1(password). The entries are unsalted and are
// sufficient on their own to compute a valid challenge response, so treat this
// table as secret material.
var password_hashes = {};
password_hashes.jankuca = sha1('user input value');

// Nonces that have been issued by getNonce and not yet consumed by
// authenticate. Nothing in this listing expires or caps the entries.
var nonces = [];
nonces.push('generated value');
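/**
 * Issues a fresh single-use challenge and records it as outstanding.
 *
 * @returns {Array} [ 200, nonce ] where nonce is a 32-character hex string.
 */
getNonce: function () {
  // The nonce must be unpredictable: Math.random() is not a cryptographic
  // generator, so its output can be anticipated. Draw 128 bits from the
  // platform CSPRNG instead (global Web Crypto object: browsers and recent
  // Node.js releases).
  var bytes = new Uint8Array(16);
  crypto.getRandomValues(bytes);

  // Hex-encode so the value survives transport and string concatenation
  // unchanged on both sides (a float can be re-serialised differently).
  var nonce = '';
  for (var i = 0; i < bytes.length; i++) {
    nonce += ('0' + bytes[i].toString(16)).slice(-2);
  }

  // NOTE(review): outstanding nonces are never expired or capped here, so
  // repeated calls grow the list without bound -- consider a TTL or a limit.
  nonces.push(nonce);
  return [ 200, nonce ];
}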
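/**
 * Verifies a challenge response.
 *
 * @param {string} username - account name supplied by the client.
 * @param {*} nonce - challenge previously returned by getNonce.
 * @param {string} password_nonce_hash - client's sha1(sha1(password) + nonce).
 * @returns {Array} [ 200 ] on success, [ 400, 'Invalid nonce' ] when the nonce
 *   is unknown or already used, [ 403, 'Wrong password' ] otherwise.
 */
authenticate: function (username, nonce, password_nonce_hash) {
  var nonce_index = nonces.indexOf(nonce);
  if (nonce_index === -1) {
    return [ 400, 'Invalid nonce' ];
  }

  // Consume the nonce before any credential check so that a given response
  // can be presented only once, whatever the outcome. splice() removes the
  // entry; `delete` would leave a hole and the array would never shrink.
  // NOTE(review): the nonce is not tied to the client or username it was
  // issued for -- confirm whether that binding is needed.
  nonces.splice(nonce_index, 1);

  // The original read an undeclared `password_hash`; the stored hash has to
  // be looked up per user. Use an own-property check: for an unknown name (or
  // an inherited key such as 'constructor') the lookup would not yield a
  // stored hash, and the expected value would no longer depend on any secret.
  // Unknown users get the same answer as a wrong password so the reply does
  // not reveal which usernames exist.
  if (!Object.prototype.hasOwnProperty.call(password_hashes, username)) {
    return [ 403, 'Wrong password' ];
  }
  var password_hash = password_hashes[username];

  var expected_password_nonce_hash = sha1(password_hash + nonce);
  if (expected_password_nonce_hash === password_nonce_hash) {
    return [ 200 ];
  }
  return [ 403, 'Wrong password' ];
}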