Ok, I have a javscript algorithm for md5 and for sha1. However, if I send the password with the md5/sha1 algorithym, should I rehash it with sha256 in my php script? Or de-encrypt it in the script and re-encrypt into the more secure sha256? Or do I have to find a javascript version of sha256 as well?The Phoenix wrote:Yes. Javascript is the usual method. Google javascript md5, and Paj's work should come up. Very solid js libraries for encryption.Chalks wrote:I'm not sure I understand. I think what you're saying is to make sure I'm not sending the password from the form to my php script in cleartext. If so, wouldn't that mean that I would have to figure out a way to encrypt it client side first?
Thanks for all the answers I've gotten everyone. They've helped a ton! I'll be posting my Login class once I've got all this figured out (almost done!).
Edit: one more question that goes along with the above ones: How do I salt a password string if I have to encrypt it before I send it to the server?