Posted: Wed Jun 29, 2005 8:40 am
Stryks wrote: I've searched high and low though, and I can't seem to find a reliable RSA / ElGamal etc. implementation which produces identical results in both JavaScript and PHP, so I'm at a loss for how to implement this.
RSA in JS: http://home.zonnet.nl/MAvanEverdingen/Code/
RSA in PHP: http://www.edsko.net/phpsource.php?file ... ts/rsa.php
Both seem to interact with each other fine.
Stryks wrote: I've been looking at using encryption for the password transfer, but I just can't see how any symmetrical system (Triple DES, Blowfish, etc.) is going to work, as the secret must be shared on the client side, which pretty much defeats the purpose.
Actually, there are a few other ways "around" the problem. You can set the password FOR the user on initial signup, and send it to their email. That way, it uses a second channel (increased difficulty for sniffing), and the user can change it on login. (This is used somewhat effectively on some *nuke installs).
You can also do the same for password resets. You could alternatively send a confirmation code via email, and use the confirmation code as the key to encrypt both sides. Just a different approach.
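
The confirmation-code approach from the post above, sketched as an added example that is not part of the original thread: the e-mailed code is stretched into an AES-256-GCM key, the client seals the new password with it, and the server re-derives the same key from the code it issued. It assumes Node.js on both sides for brevity (the thread's server is PHP), all function names are hypothetical, and the key is only as strong as the code, so the code is generated as 128 random bits.

```javascript
// Added illustration, not code from the thread. Helper names are hypothetical.
const nodeCrypto = require('crypto');

const PBKDF2_ITERATIONS = 200000; // assumed work factor

// Server: generate the code that is e-mailed to the user (128 random bits, hex).
function issueConfirmationCode() {
  return nodeCrypto.randomBytes(16).toString('hex');
}

// Both sides: stretch the confirmation code into a 256-bit key.
function deriveKey(confirmationCode, salt) {
  return nodeCrypto.pbkdf2Sync(confirmationCode, salt, PBKDF2_ITERATIONS, 32, 'sha256');
}

// Client: encrypt the password under the code-derived key.
function sealPassword(confirmationCode, password) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every message
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(confirmationCode, salt), iv);
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('hex'),
    iv: iv.toString('hex'),
    tag: cipher.getAuthTag().toString('hex'),
    ct: ct.toString('hex'),
  };
}

// Server: decrypt with the code it issued. Returns null when the code is
// wrong or the message was modified in transit (GCM tag check fails).
function openPassword(confirmationCode, msg) {
  try {
    const key = deriveKey(confirmationCode, Buffer.from(msg.salt, 'hex'));
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(msg.iv, 'hex'));
    decipher.setAuthTag(Buffer.from(msg.tag, 'hex'));
    const pt = Buffer.concat([decipher.update(Buffer.from(msg.ct, 'hex')), decipher.final()]);
    return pt.toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed sample exchange.
const sampleCode = issueConfirmationCode();
const sampleMsg = sealPassword(sampleCode, 'constructed-sample-password');
console.log(openPassword(sampleCode, sampleMsg));
```

The server should treat each code as single-use and expire it once the password has been set.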