Suppose a site doesn't store passwords on its server.
When the user creates a new account, his password is hashed together with his username and stored in a cookie inside his Web browser. When he comes to the site again and types in his username and password, the server hashes them, pulls the cookie from the user's browser and checks if the computed hash is equal to the hash stored in the cookie. If they match, access is granted.
Can another person log into his account just by knowing the username, i.e. the victim's computer is offline and inaccessible (cannot be eavesdropped)?

Last Post by sknake

Probably not except by brute force. This is a bad idea though since when the user loses their cookies they will no longer be able to log in. It is just a matter of time before they lose their browser settings.
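
A minimal model of the scheme in the question, added here as an example and not code from either poster. The unkeyed SHA-256 hash, the ":" separator and the account values are assumptions. It shows the lockout described in the answer and that the check's result depends only on values the client supplies.

```python
import hashlib
import hmac
from typing import Optional

# Assumptions (not from the posts): unkeyed SHA-256 and a ":" separator.
def make_cookie(username: str, password: str) -> str:
    """Value the site would place in the browser at account creation."""
    return hashlib.sha256(f"{username}:{password}".encode()).hexdigest()

def login(username: str, password: str, cookie: Optional[str]) -> bool:
    """Check as described: recompute the hash and compare it to the cookie.
    The server keeps no record, so all three inputs come from the client."""
    if cookie is None:  # cookie jar cleared, new browser, new device
        return False
    expected = make_cookie(username, password)
    return hmac.compare_digest(expected, cookie)  # constant-time compare

def scenarios() -> dict:
    """Run the check over constructed sample values."""
    registered = make_cookie("alice", "correct horse")
    return {
        "same browser, right password":
            login("alice", "correct horse", registered),
        "same browser, wrong password":
            login("alice", "guess123", registered),
        # The failure mode from the answer: no cookie, no way back in.
        "cookies lost, right password":
            login("alice", "correct horse", None),
        # A cookie and password that only agree with each other: with
        # nothing stored server-side, the check cannot tell this cookie
        # from the one issued at registration.
        "other browser, self-consistent pair":
            login("alice", "guess123", make_cookie("alice", "guess123")),
    }

if __name__ == "__main__":
    for name, granted in scenarios().items():
        print(f"{name:38s} -> {'granted' if granted else 'denied'}")
```

Binding the check to the registered password takes something only the server holds, such as a stored salted password hash or a server-side key used to MAC the cookie.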
