Ajax Login: password encryption

I am using jQuery Ajax for user login. Right now, I'm using JS to grab the values from the username and password text fields and send them to an aspx page that validates credentials. It then returns JSON, letting the user know if they are logged in or not. Everything works fine, but I noticed when using Firebug that the password is sent in plain text.

What is the best way to encrypt a password? (BTW, I'm not on an HTTPS server)

+5
4 answers

Bcrypt can be your friend. And there is also a JavaScript implementation called jsBCrypt. I highly recommend reading this insightful article: Keeping passwords in irreproducible form.

But: be careful! If you are not using SSL or a server-provided nonce, you may be vulnerable to man-in-the-middle attacks. If someone reads the (unencrypted) traffic between your client and server, he gets the encrypted password. And that is enough for him to authenticate to the server whenever he wants, without knowing the real password.

+3
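The replay problem this answer warns about, and the server-provided nonce it mentions, as an added example that is not part of the original answers. SHA-256 and HMAC from Node's `crypto` module stand in for jsBCrypt here, and the account, password and function names are constructed for illustration.

```javascript
// Added example, not code from the original page. SHA-256/HMAC stand in
// for jsBCrypt; all names and credentials below are constructed.
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const hmac = (key, msg) => crypto.createHmac('sha256', key).update(msg).digest('hex');

// Constructed account: the server stores what the client-side hash produces.
const users = { alice: sha256('correct horse battery staple') };

function safeEqual(a, b) { // constant-time comparison of two strings
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Scheme A: the browser sends hash(password). The value never changes, so it
// is the credential: anyone who reads it off the wire can log in with it.
function loginStaticHash(user, sentHash) {
  return users[user] !== undefined && safeEqual(users[user], sentHash);
}

// Scheme B: the server issues a single-use nonce and the browser sends
// HMAC(hash(password), nonce), so every login puts a different value on the wire.
const pendingNonces = new Map(); // nonce -> username it was issued for
function issueNonce(user) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pendingNonces.set(nonce, user);
  return nonce;
}
function clientResponse(password, nonce) {
  return hmac(sha256(password), nonce);
}
function loginWithNonce(user, nonce, response) {
  if (pendingNonces.get(nonce) !== user) return false; // unknown or spent nonce
  pendingNonces.delete(nonce); // single use, even when the response is wrong
  return users[user] !== undefined && safeEqual(hmac(users[user], nonce), response);
}

function demo() {
  const pw = 'correct horse battery staple';
  const sniffed = sha256(pw); // what Firebug (or anyone on the path) sees in scheme A
  const n1 = issueNonce('alice');
  const r1 = clientResponse(pw, n1);
  return {
    staticReplay: loginStaticHash('alice', sniffed),          // replay accepted
    firstLogin: loginWithNonce('alice', n1, r1),              // legitimate login
    sameNonceAgain: loginWithNonce('alice', n1, r1),          // nonce already spent
    oldResponseNewNonce: loginWithNonce('alice', issueNonce('alice'), r1),
  };
}
```

The nonce only defeats replay of a value read off the wire; without TLS, someone who can modify the traffic can still alter the login script the browser receives. The stored hash also remains password-equivalent, since anyone holding it can compute a valid response.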

https. , , , , firebug ( ), /.

, https - . . , , , .

+2

Ajax . . , . , , SSL-. , , SSL.

Bcrypt, , , , Ajax. Bcrypt /, - .

RSA- AES- ( JavaScript) ( , ASP.NET).

:

  • RSA.
  • RSA RSA.
  • AES RSA.
  • AES .
  • Ajax .
    • AES .

I would like to have a one-stop solution to do all this, but I don't know about it at this time.

Libraries I used:

0