This question has only an educational purpose. At this moment I'm making a small application in which I want to include an authentication mechanism. The application should have access to the Internet when it is installed, but afterwards it can work offline. Until now I've been thinking of the following solutions:
1) Classic: Username and password (encrypted) sent to an authentication web service - problems when the Internet connection is down.
2) Generate a password based on motherboard/hard-disk serial no - this is generating issues when components are changed.
Also, I want to include a 'remember password' checkbox. Which is the safest way to do this? Where should I store this info?
I believe that most of you have made an authentication mechanism, more or less complex, and I'm asking for your opinion. Also, I know that everything can be hacked but I want to make it as difficult as I can.
Don't reinvent the wheel!
Some rules:
To make it simple, the server creates a "challenge" for the client.
Typical implementation can be:
You can create a challenge using a good hashing algorithm (take a look at our very fast SHA-256 functions), and follow these steps:
Depends on what you want to achieve. For instance, you might first retrieve some critical data from the server, then always store it locally, encrypted by login-password. This way no password is stored on the PC and you have to enter it to access the data.
Then, in order to remember the password, you can store its hash locally, which cannot be used to obtain the real password...
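The approach in the answer above (nothing but a derived value kept on the PC, local data unlocked by the typed password), as an added example that is not part of the original answers. The function names, the record layout and the iteration count are assumptions made for illustration; the returned data key is meant to be fed to an authenticated cipher from a vetted crypto library, which is not shown here.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 600_000  # assumed work factor; tune it to the slowest supported machine


def _master(password: str, salt: bytes, iterations: int) -> bytes:
    # Slow, salted derivation so a stolen record cannot be brute-forced cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def _subkey(master: bytes, label: bytes) -> bytes:
    # One key per purpose: the stored verifier cannot be turned into the data key.
    return hmac.new(master, label, hashlib.sha256).digest()


def enroll(password: str, iterations: int = ITERATIONS) -> str:
    """Run once while online, after the server has accepted the password.
    Returns the JSON record to keep on disk; it contains no password and no key."""
    salt = os.urandom(16)
    verifier = _subkey(_master(password, salt, iterations), b"verify")
    return json.dumps({"salt": salt.hex(), "iter": iterations, "verifier": verifier.hex()})


def unlock(record_json: str, password: str):
    """Offline login: return the 32-byte data key, or None if the password is wrong."""
    rec = json.loads(record_json)
    master = _master(password, bytes.fromhex(rec["salt"]), rec["iter"])
    expected = bytes.fromhex(rec["verifier"])
    if not hmac.compare_digest(_subkey(master, b"verify"), expected):  # constant-time
        return None
    return _subkey(master, b"data-key")


if __name__ == "__main__":
    record = enroll("correct horse battery staple")  # constructed sample password
    print("stored on disk:", record)
    print("right password:", unlock(record, "correct horse battery staple") is not None)
    print("wrong password:", unlock(record, "guess") is not None)
```

The per-user random salt and the slow derivation are what keep a copied record from being tested against a precomputed dictionary; a single unsalted SHA-256 of the password would not give that.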
You can do what browsers do using cookies and storing the password in an encrypted file or, even better, storing it in a database. Remember that you need to update the database password in case the user changes it on the server. You do not need to generate the password. You can ask the user to do so, and check its complexity to ensure that it is safe. And always use SSL when connecting to a web service, to ensure all data is safe to transmit.