P
Peter Young
I'm looking for ideas on encrypting form data. For example, if a user enters
a password, I would like to encrypt it before it gets posted, then decrypt
it server-side.
The obvious answer for a password is to 1-way hash it. Unfortunately, this
is for data that will not be known ahead of time - I have the requirement of
needing to encrypt any password-style textbox entries, then decrypt them on
the server. This is intended to provide 'better-than-nothing' security when
SSL is not present, and most likely would only be employed over an intranet.
It's my understanding that symmetric algos are fastest, but the problem
there is that the single key to encrypt/decrypt will need to be sent to the
client machine, which means it, along with the post data, is viewable by
anyone snooping.
An asymmetric algorithm, it would then seem, would do the trick. A public
key could be used client-side to encrypt, and then a private key could be
used server-side to decrypt. However, from googling on this, it appears that
javascript might not be up to the task from a performance perspective. I
haven't found any clear answers on this topic.
Any thoughts or direction on this are much appreciated.
TIA,
Pete
a password, I would like to encrypt it before it gets posted, then decrypt
it server-side.
The obvious answer for a password is to 1-way hash it. Unfortunately, this
is for data that will not be known ahead of time - I have the requirement of
needing to encrypt any password-style textbox entries, then decrypt them on
the server. This is intended to provide 'better-than-nothing' security when
SSL is not present, and most likely would only be employed over an intranet.
It's my understanding that symmetric algos are fastest, but the problem
there is that the single key to encrypt/decrypt will need to be sent to the
client machine, which means it, along with the post data, is viewable by
anyone snooping.
An asymmetric algorithm, it would then seem, would do the trick. A public
key could be used client-side to encrypt, and then a private key could be
used server-side to decrypt. However, from googling on this, it appears that
javascript might not be up to the task from a performance perspective. I
haven't found any clear answers on this topic.
Any thoughts or direction on this are much appreciated.
TIA,
Pete