I have TSL connection between my server and client. I have no certificate, so connection is susceptible to the Man-in-the-middle attack.
I fear that attacker could intercept password hash and use it to authenticate himself in my application.
What is the best way to transmit password hash? To use server nonce or client nonce? And what hashing algorithm should i use?
Aucun commentaire:
Enregistrer un commentaire