Another form of encrytion? "Not SSL"

Leon · Oct 30, 2004

How can I encrypted data sent across my website from web forms without using
SSL?
Such as on Login the user enter "EmailAddress" & "Password" and Simply
Registration Form
in which the user creates a Password, FirstName, LastName, etc.
I see site like Careerbuilder and Monster allow user to register, login, and
retrieve a lost password
without using a SSL connection "I Know anytime you deal with credit card
info you need a SSL.
Thanks!

Daniel Fisher\(lennybacon\) · Oct 30, 2004

You can use a javascript BigInt to encrypt dat before it's send and decrypt
it using BitInt in C# when it's submited.

Joerg Jooss · Oct 30, 2004

Leon said:
How can I encrypted data sent across my website from web forms
without using SSL?
Such as on Login the user enter "EmailAddress" & "Password" and Simply
Registration Form
in which the user creates a Password, FirstName, LastName, etc.
I see site like Careerbuilder and Monster allow user to register,
login, and retrieve a lost password
without using a SSL connection

So what makes you even think these sites are secure?

Robert Hurlbut · Oct 31, 2004

Leon,

If there is no SSL being done on the form, then your information is more
than likely sent clear text. Now, they could be using SSL with a form post,
which would be secure, and you can tell this through "view source" on the
page. Even with SSL, though, just because the lock is there in the corner
doesn't always mean it is valid. You still have to check it.

Also, if you are able to get your password back from any site without them
re-generating a temporary password, then that site is probably storing your
password in clear text, or at best encrypting it with some key they use to
decrypt it. Ideally, you want the site to use a salt and one-way strong hash
to store your password, which means you can't ever retrieve the same
password.

Robert Hurlbut
http://weblogs.asp.net/rhurlbut
http://www.securedevelop.net

Leon · Oct 31, 2004

So is it easy for a hacker to get personal information sent in clear text
across the web.

Joerg Jooss · Oct 31, 2004

Leon said:
So is it easy for a hacker to get personal information sent in clear
text across the web.

At least much easier than compared to using SSL ;-)

Leon · Oct 31, 2004

but the network itself provide somewhat type of security during the process
of the clear text information passing across the web?

Robert Hurlbut · Nov 1, 2004

Anything sent over a network without SSL or some other form of encryption is
in "clear text" form and can be viewed through a standard network sniffer.

Robert Hurlbut
http://weblogs.asp.net/rhurlbut
http://www.securedevelop.net

Leon · Nov 1, 2004

what' a network sniffer?
A Program that...

Robert Hurlbut said:
Anything sent over a network without SSL or some other form of encryption
is in "clear text" form and can be viewed through a standard network
sniffer.

Robert Hurlbut
http://weblogs.asp.net/rhurlbut
http://www.securedevelop.net

Ken Schaefer · Nov 1, 2004

program that captures and allows examination of packets travelling on the
network: eg www.ethereal.com

Cheers
Ken

Leon · Nov 1, 2004

But don't still need access to the network to use the sniffer, or can you
get to the network through www.somename.com?

Another form of encryption "Not SSL"?	5	Oct 30, 2004
Form Data Not Displaying	6	May 25, 2009
GirdView not sorting after change	3	Jan 21, 2007
security recommendation	0	Jan 12, 2006
Using TLS/SSL with Net::SMTP	0	May 2, 2006
redirecting from another page besides the login page	1	Jan 18, 2005
Form not posting correctly on cellphone	0	Nov 20, 2007
Manage web form with libcurl	2	Nov 14, 2006

Another form of encrytion? "Not SSL"

Leon

Daniel Fisher\(lennybacon\)

Joerg Jooss

Robert Hurlbut

Leon

Joerg Jooss

Leon

Robert Hurlbut

Leon

Ken Schaefer

Leon

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads