    • Rob
    • Posted on Thu 9 Oct 2008 04:15 PM

    @Jake (MD5 hash)

    I've given this some thought and done some Internet research.

    ASSUMPTIONS

    Please check my assumptions here.

    1. In order to log a person into Domino they must submit a user name and password. Therefore, in order for the "remember me" function to work, the user name and password must be entered into the login form somehow. (Other systems may have other options but, as Domino users, we do not.)

    2. An MD5 (or any other) hash is a one-way operation. That is, once the password is hashed it cannot be recovered.

    3. The attack we are protecting is cookie theft. That is the attacker has obtained our user's "remember me" cookie and is trying to use it to log into the site.

    THEREFORE

    Given #1 above, whatever we do we must somehow use the "remember me" cookie to retrieve or extract the user name and password to be used for the automatic log in process. All the methods I read about seem to be about obfuscating at least the password and ameliorating the damage a stolen cookie can do.

    For example:

    Link

    DISCUSSION

    If I store a unique identifier in the "remember me" cookie (which could be generated by MD5 or many other methods) which lets me look up and pass back the user name and password then that could be used in the log in form. But any attacker that steals that cookie could do exactly the same thing so nothing of real value has been accomplished. All we've done is obfuscated the user name and password.

    So given assumption #1 and #3, I see no way to prevent the attacker from obtaining the user name and password. If we could log a user in on the server side then we could protect the user name and password but not prevent the attacker from logging in.

    Even public key cryptography fails in this case because there is no safe place to save the user's private key.

    CONCLUSION

    "Remember me" cookies are not safe and there is no way to make them safe.

    Please point out where my reasoning is wrong because I'd like to use this feature. (I did read several places where people recommended saving the user name and password in a cookie.)

    Peace,

    Rob:-]
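The "unique identifier in the cookie, look the user up on the server" scheme that Rob describes in his DISCUSSION section, with the server-side measures that limit what a stolen cookie is worth, as an added example that is not Rob's code or the blog's. It assumes the application can open a session for a user on the server side once a token has been validated, which Rob notes Domino's login form does not offer; the store, the token format and the sample session below are all constructed for illustration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class RememberMeRecord:
    username: str
    expires_at: float


class RememberMeStore:
    """Server-side table of persistent-login tokens (constructed example).

    The cookie holds only a random token; the table holds only a SHA-256 of
    it, so neither a stolen cookie nor a leaked table exposes a password.
    Every successful redemption rotates the token, and a replayed (already
    spent) token is treated as a theft signal that revokes all of that
    user's live tokens, forcing a real password login.
    """

    def __init__(self, lifetime_seconds: float = 30 * 24 * 3600):
        self.lifetime = lifetime_seconds
        self._live: Dict[str, RememberMeRecord] = {}   # token hash -> record
        self._spent: Dict[str, str] = {}               # token hash -> username

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, username: str, now: Optional[float] = None) -> str:
        """Create a fresh token for `username`; the return value is the cookie."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)          # 256 bits of randomness
        self._live[self._hash(token)] = RememberMeRecord(username, now + self.lifetime)
        return token

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[Tuple[str, str]]:
        """Validate a presented cookie.

        Returns (username, replacement_token) on success, or None when the
        token is unknown, expired, or has already been used.
        """
        now = time.time() if now is None else now
        h = self._hash(token)
        if h in self._spent:
            # Someone is replaying a token that was already rotated: either the
            # legitimate user or whoever copied the cookie holds a stale copy.
            # Revoke everything for that account rather than guess which.
            self.revoke_all(self._spent[h])
            return None
        record = self._live.pop(h, None)
        if record is None:
            return None
        self._spent[h] = record.username
        if record.expires_at <= now:
            return None
        return record.username, self.issue(record.username, now)

    def revoke_all(self, username: str) -> int:
        """Drop every live token for `username` (e.g. on password change)."""
        doomed = [h for h, r in self._live.items() if r.username == username]
        for h in doomed:
            del self._live[h]
        return len(doomed)


if __name__ == "__main__":
    store = RememberMeStore(lifetime_seconds=100)
    cookie = store.issue("alice", now=0)            # set as the cookie value
    user, cookie = store.redeem(cookie, now=1)      # later visit: rotate
    print("logged in as", user)
    print("replay of old cookie:", store.redeem(cookie, now=2) is not None)
```

The point is not that the cookie becomes unstealable: a thief who presents it before the legitimate user does will get a session. What changes is that the cookie never carries the user name or password, a database leak yields only hashes of tokens that are never presented in that form, a copy only works once, and the second presentation reveals the theft and shuts the account's persistent logins down.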
