
What is the "Secret Key"?



Hi all,

Sometimes when I surf on the internet, I see that the website gives me my "secret key".

It's a combination of 32 digits and letters without any sense.

An example of one of these:

827ccb0eea8a706c4c34a16891f84e7b

What is this for?

What does this key tell me and what can I do with this?

Thank you very much!

Edited by CrazyDoctor


I think you might mean, what does Facebook use MD5 hashes for? Like a previous poster said - it's part of your authentication token. FB uses the session cookie, your user/pass hash, and an MD5 hash (probably built out of a few other pieces of info) to authenticate that you are really you.


Sounds interesting, but why do I have to see my MD5?

Is that not an action behind the scenes?

Do I have any use for my MD5?

Besides that, if I install any Facebook application, can the creator of that app detect my Facebook password?


You see it partly because Facebook is lazy. There are other ways to do it, but who knows why FB decides to show it to you. It has nothing to do with your password. Here is a general example of why they use this type of info.

Say you go to a website. When you get there, it creates a cookie. Inside the cookie is a temporary MD5 hash value. This is also stored in your browser session. This way, the site will check every time you go to a page to see if you are logged in. It may do this by making sure the hash in your browser session matches the one in your cookie. If they are the same, you are logged in. If they are not the same (or the cookie is deleted) you are not logged in anymore. You can even try that here; MSFN does not put the hash value in the URL for you to see, but it is there. Go and delete your cookie and refresh the page. You will not be logged in anymore!

Anyone who is smart at webpage security would make it so the hash has an expiry. So that no one can take your cookie to steal your login. In the best cases, there are 3 keys used by the website. One in the cookie, one in the browser and one on the server. This way, you can say (A + B) * ServerCode = C. So that the cookie and browser key can be different, but the server can take both of them and generate a third key it keeps to itself. So as long as A + B = C you will be logged in.

Edited by Tripredacus
disabled emotes
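The three-key check described in the post above, as an added example that is not part of the original thread and is not Facebook's or MSFN's code. It assumes HMAC-SHA256 in place of the post's "(A + B) * ServerCode" arithmetic; the function names, `SERVER_KEY` and the 30-minute `SESSION_TTL` are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Constructed for this example; a real server loads its key from protected config.
SERVER_KEY = secrets.token_bytes(32)
SESSION_TTL = 1800  # seconds a login stays valid (assumed value)

# Server-side store: cookie key A -> (derived key C, expiry timestamp).
_sessions = {}


def _derive(cookie_key, browser_key):
    """C = HMAC-SHA256(ServerCode, A and B). C never leaves the server."""
    # Length prefix keeps ("ab", "c") and ("a", "bc") from producing the same input.
    msg = f"{len(cookie_key)}:{cookie_key}:{browser_key}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def login(now=None):
    """Issue two random 32-hex-character keys and remember C with an expiry."""
    now = time.time() if now is None else now
    cookie_key = secrets.token_hex(16)   # A: goes into the cookie
    browser_key = secrets.token_hex(16)  # B: held by the browser session
    _sessions[cookie_key] = (_derive(cookie_key, browser_key), now + SESSION_TTL)
    return cookie_key, browser_key


def is_logged_in(cookie_key, browser_key, now=None):
    """Run on every page load: unknown, expired or mismatched keys mean logged out."""
    now = time.time() if now is None else now
    record = _sessions.get(cookie_key)
    if record is None:          # cookie deleted or never issued
        return False
    stored_c, expires = record
    if now >= expires:          # a stolen cookie stops working after the TTL
        del _sessions[cookie_key]
        return False
    # Constant-time comparison so response timing does not leak C.
    return hmac.compare_digest(stored_c, _derive(cookie_key, browser_key))
```

The keys issued here have the same 32-character shape as the value in the question, but they are random and carry no information about the password.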

I don't think it's lazy, I think it is more likely the way the Facebook JavaScript APIs are written (for website integration by non-Facebook sites). The only way for Facebook to get access to determining that you are you through a 3rd party site is to use a cookie and a key (in this case, the MD5 hash). It actually makes sense to see it in the header if you think about how Facebook is modularizing and providing SDK access to the site.

Or, it might just be developer indolence :P.
