Home page logo
/

basics logo Security Basics mailing list archives

Re: store passwords securely in the internet
From: Patrick Cornelissen <cornelis () pcornelissen de>
Date: Mon, 12 Apr 2010 18:54:03 +0200

On Monday 12 April 2010 17:55:47 Adam Mooz wrote:
Because then the passwords are sent in the clear from the server to
the client.  If someone were to MITM they could get whatever password
you requested, or worse is they'd get all your passwords.  Too much
risk.

Arrgh, see below:
 
You should always transmit sensitive data encrypted or encapsulate it
in a secure tunnel like a VPN.

<cornelis () pcornelissen de> wrote:
Am Dienstag 06 April 2010 23:40:05 schrieb Andre Pawlowski:
...

I hope there is any use for this program and I'm glad if anyone of you
send me any critics or suggestions.

Why don't you en-/decrypt the password on the server and not on the
client (via javascript for example). This way you would only need to
store the encrypted passwords and protect them.

It was too early in the morning... I wanted to write:

"Why don't you en-/decrypt the passwords on the client and not on the
sever (via javascript for example). This way you would only need to
store the encrypted passwords and protect them."


I somehow wrote server and meant client and vice versa...
(Definitively more coffee before writing mails...)



-- 
Mit freundlichen Gruessen, // Bye,
 Patrick Cornelissen
 ICQ:15885533

Attachment: signature.asc
Description: This is a digitally signed message part.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]