Security Basics mailing list archives
Re: store passwords securely in the internet
From: Patrick Cornelissen <cornelis () pcornelissen de>
Date: Mon, 12 Apr 2010 18:54:03 +0200
On Monday 12 April 2010 17:55:47 Adam Mooz wrote:
Because then the passwords are sent in the clear from the server to the client. If someone were to MITM they could get whatever password you requested, or worse is they'd get all your passwords. Too much risk.
Arrgh, see below:
You should always transmit sensitive data encrypted or encapsulate it in a secure tunnel like a VPN. <cornelis () pcornelissen de> wrote:Am Dienstag 06 April 2010 23:40:05 schrieb Andre Pawlowski: ...I hope there is any use for this program and I'm glad if anyone of you send me any critics or suggestions.Why don't you en-/decrypt the password on the server and not on the client (via javascript for example). This way you would only need to store the encrypted passwords and protect them.
It was too early in the morning... I wanted to write: "Why don't you en-/decrypt the passwords on the client and not on the sever (via javascript for example). This way you would only need to store the encrypted passwords and protect them." I somehow wrote server and meant client and vice versa... (Definitively more coffee before writing mails...) -- Mit freundlichen Gruessen, // Bye, Patrick Cornelissen ICQ:15885533
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Re: store passwords securely in the internet, (continued)
- Re: store passwords securely in the internet Jhfjjf Hfdsjj (Apr 07)
- Re: store passwords securely in the internet Andre Pawlowski (Apr 12)
- Re: store passwords securely in the internet Alexander A. Kelner (Apr 12)
- Re: store passwords securely in the internet Greg R (Apr 13)
- Re: store passwords securely in the internet Andre Pawlowski (Apr 13)
- Re: store passwords securely in the internet Andre Pawlowski (Apr 12)
- Re: store passwords securely in the internet Jhfjjf Hfdsjj (Apr 07)
- Re: store passwords securely in the internet Adam Mooz (Apr 07)
- Re: store passwords securely in the internet Andre Pawlowski (Apr 07)
- Message not available
- Re: store passwords securely in the internet Adam Mooz (Apr 12)
- Re: store passwords securely in the internet Andre Pawlowski (Apr 07)
- Re: store passwords securely in the internet Adam Mooz (Apr 13)
- Re: store passwords securely in the internet Patrick Cornelissen (Apr 12)
- Re: store passwords securely in the internet Eric Furman (Apr 13)
- Re: store passwords securely in the internet Adam Mooz (Apr 13)
- RE: store passwords securely in the internet Lauren Twele (Apr 13)
- Re: store passwords securely in the internet Andre Pawlowski (Apr 12)
- Re: store passwords securely in the internet Andre Pawlowski (Apr 12)
- Re: store passwords securely in the internet Tristan Mott (Apr 14)