Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
CrazyDoctor

What is the "Secret Key"?

Recommended Posts

Hi all,

Sometimes when I surf on the internet, I see that the website give me my "secret key".

It's a combination of 32 digits and letters without any sense.

Example for one of this:

827ccb0eea8a706c4c34a16891f84e7b

What this is for?

What this key tell me and what can I do with this?

Thank you very much!

Edited by CrazyDoctor

Share this post


Link to post
Share on other sites

I think you might mean, what does facebook use MD5 hashes for? Like a previous poster said - it's part of your authentication token. FB uses the session cookie, your user/pass hash, and an MD5 hash (probably built out of a few other pieces of info) to authenticate that you, are really you.

Share this post


Link to post
Share on other sites

I think you might mean, what does facebook use MD5 hashes for? Like a previous poster said - it's part of your authentication token. FB uses the session cookie, your user/pass hash, and an MD5 hash (probably built out of a few other pieces of info) to authenticate that you, are really you.

Sounds interesting, but why do I have to see my MD5?

Is that not an action behind the scenes?

Do I have any use with my MD5?

Behind of that, if I install any facebook application, the creator of that app can detact my facebook password?

Share this post


Link to post
Share on other sites

I think you might mean, what does facebook use MD5 hashes for? Like a previous poster said - it's part of your authentication token. FB uses the session cookie, your user/pass hash, and an MD5 hash (probably built out of a few other pieces of info) to authenticate that you, are really you.

Sounds interesting, but why do I have to see my MD5?

Is that not an action behind the scenes?

Do I have any use with my MD5?

Behind of that, if I install any facebook application, the creator of that app can detact my facebook password?

You see it partly because Facebook is lazy. There are other ways to do it, but who knows why FB decides to show it to you. It has nothing to do with your password. Here is a general example of why they use this type of info.

Say you go to a website. When you get there, it creates a cookie. Inside the cookie is a temporary MD5 hash value. This is also stored in your browser session. This way, the site will check everytime you go to a page to see if you are logged in. It may do this by making sure the hash in your browser session matches the one in your cookie. If they are the same, you are logged in. If they are not the same (or the cookie is deleted) you are not logged in anymore. You can even try that here, MSFN does not put the hash value in the URL for you to see, but it is there. Go and delete your cookie and refresh the page. You will not be logged in anymore!

Anyone who is smart at webpage security would make it so the hash has an expiry. So that no one can take your cookie to steal your login. In the best cases, there are 3 keys used by the website. One in the cookie, one in the browser and one on the server. This way, you can say (A + B) * ServerCode = C. So that the cookie and browser key can be different, but the server can take both of them and generate a third key it keeps to itself. So as long as A + B = C you will be logged in.

Edited by Tripredacus
disabled emotes

Share this post


Link to post
Share on other sites

I don't think it's lazy, I think it is more likely the way the Facebook javascript APIs are written (for website integration by non-Facebook sites). The only way for Facebook to get access to determining that you are you through a 3rd party site is to use a cookie and a key (in this case, the MD5 hash). It actually makes sense to see it in the header if you think about how Facebook is modularizing and providing SDK access to the site.

Or, it might just be developer indolence :P.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...