Encrypt user password using jquery and decrypt it using C #

If you do not use SSL, you are insecure, but this is not the only reason.

SSL protects the actual connection, while encryption protects the data that you connect. You do not even have to encrypt passwords. You have to make a strengthened hash of information. A hash is a one-way function (cannot be canceled), while encryption is a two-way function (can be canceled). Storage and use of hashing includes:

• Iterating over a hash built for speed, like SHA512 couple of thousand times, or using something like BCrypt .
• Use salt - something like a 64-bit array of riots per user stored in the database will do this
• Encrypt keys and salts in the database using the key in the application layer. This means that if your database is taken, they still need a key from the application layer to access the original hash information, as well as the salts.

You must remember that security is built in layers. By skipping SSL, you will skip most of it. At the very least, you can use makecert to create a self-signed certificate . All that happens is that the user will be warned about this. A good SSL certificate can only cost $ 12.99 on GoDaddy . I recommend getting it, as well as implementing the above.

Without SSL, you open your code for network sniffing attacks. Client-side encryption is also not good.

Unfortunately, there is no safe way around it without obtaining a valid certificate. This approach would be unsafe.

I agree with other people's security considerations, if you are so successful at this, you can try using the PKI user interface. You will need to study a little deeper the code necessary to achieve this, but here is a link to describe the structure of the public key:

Public Key Cryptography

So, if you manage to encode the RSA algorithm with the public key in jQuery, you will not have to easily match its decryption of the secret key in C #. This is not a recommendation, because in reality it is only “security through obfuscation” (which is not security at all).

You can encrypt form data using Javascript. This can be done, see http://www.movable-type.co.uk/scripts/aes.html . If the data is encrypted using a key, you will have to save this key in javascript code, as well as in server code. Since javascript code will be on the client side and the key will be publicly available, this will not be safe :). The same is true for asymmetric encryption. Different data can be encrypted with the same key and sent to the server.

SSL is designed to solve Internet security problems using public-key cryptography and symmetric encryption technology. The attack of the average person is not allowed. Using SSL, you can be sure that your data is protected, not changed, and there is a third-party certification authority that says that you are who you are.

If you say that I can put the encryption key or code in the applet or active-x object or flash swf and use obfuscation to protect the code, this might be the way. But again, this approach is open to attack and not protected. Obfuscation does not guarantee that your key or algorithm is safe, it just hardens the work of the cracker to get the key.

I hope this helps.