I would like to use JavaScript to encrypt the user password and username at login (using Ajax). I know that there are several asymmetric encryption libraries for JavaScript. Is this a viable password security strategy?
I understand that SSL exists, but that is not a question.
No. It does not matter if the attacker receives a password or an encrypted password, both are sent to the server “unencrypted”, so the encrypted password can be used to log into the system.
JavaScript . , HTTPS.
: , , .
: - , PHD
, , , .
:
- , ( https). , . , , .
, , .
, javascript, .
, , , . . , Javascript , .
SRP Javascript:
, , , , , JavaScript. , HTTP, , , , , , .
- HTTPS. , HTTPS - , , , , , JavaScript.
- , . - // .
"--", , , . - , , .
, .
, , . , , , , , ( , , , )..
, . , .