WebApp Sec: Re: Must we authenticate login forms (using SSL?)?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: Must we authenticate login forms (using SSL?)?

From: Peter Conrad <conrad () tivano de>
Date: Fri, 30 Sep 2005 08:58:17 +0200

Hi,

On Thu, Sep 29, 2005 at 10:02:00PM -0700, Nathaniel S. H. Brown wrote:

I have created a very unique, yet simple method of a form encryption that
provides the same mechanism that the public/private key entails.

Check out my just published release at
http://www.nshb.net/secure-form-post-with-javascript-without-ssl


erm... this sounds like a plain old challenge-response mechanism. Or
maybe I don't understand what you mean with "private key" and "public
key" in your description.

Bye,
        Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany

By Date By Thread

Current thread:

Must we authenticate login forms (using SSL?)? Amir Herzberg (Sep 28)
- <Possible follow-ups>
- Re: Must we authenticate login forms (using SSL?)? info (Sep 29)
  - Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 29)
    - RE: Must we authenticate login forms (using SSL?)? Nathaniel S. H. Brown (Sep 29)
    - Re: Must we authenticate login forms (using SSL?)? Peter Conrad (Sep 30)
    - RE: Must we authenticate login forms (using SSL?)? Nathaniel S. H. Brown (Sep 30)
    - Re: Must we authenticate login forms (using SSL?)? Rogan Dawes (Sep 30)
    - Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 30)
    - Re: Must we authenticate login forms (using SSL?)? Eoin Keary (Sep 30)
    - Re: Must we authenticate login forms (using SSL?)? Antoine Martin (Sep 30)