Re: store passwords securely in the internet

[Patrick Cornelissen <cornelis () pcornelissen de>]

On Monday 12 April 2010 17:55:47 Adam Mooz wrote:
> Because then the passwords are sent in the clear from the server to
> the client.  If someone were to MITM they could get whatever password
> you requested, or worse is they'd get all your passwords.  Too much
> risk.

Arrgh, see below:
 
> You should always transmit sensitive data encrypted or encapsulate it
> in a secure tunnel like a VPN.
>
> <cornelis () pcornelissen de> wrote:
> > Am Dienstag 06 April 2010 23:40:05 schrieb Andre Pawlowski:
> > ...
> >
> > > I hope there is any use for this program and I'm glad if anyone of you
> > > send me any critics or suggestions.
> >
> > Why don't you en-/decrypt the password on the server and not on the
> > client (via javascript for example). This way you would only need to
> > store the encrypted passwords and protect them.

It was too early in the morning... I wanted to write:

"Why don't you en-/decrypt the passwords on the client and not on the
sever (via javascript for example). This way you would only need to
store the encrypted passwords and protect them."


I somehow wrote server and meant client and vice versa...
(Definitively more coffee before writing mails...)



-- 
Mit freundlichen Gruessen, // Bye,
 Patrick Cornelissen
 ICQ:15885533

Attachment: signature.asc
Description: This is a digitally signed message part.