JCryption + CRAM - a good alternative to SSL?

I would like to know if jCryption + challenge-response authentication is a good alternative to SSL.

I know that SSL is much better, but I am doing a project where the owner does not want to buy an SSL certificate, and I would like to find a solution that provides the best security that can be achieved without using SSL.

Any ideas?

+1
5 answers

No, it is not.

Off the top of my head, I can think of many reasons: HTTP headers are still unencrypted, key exchange is vulnerable to man-in-the-middle attacks, and you put a high degree of trust in client code.

Just use the free SSL certificate from Startcom.

+7

In the jCryption info section:

jCryption in its current state does not replace SSL, since there is no authentication, but the main goal of jCryption is a very simple and quick to install plug-in that offers a base level of security.

This is perfectly understandable. This plugin is not a replacement for SSL in any way, and it should not be. The goal is not high-tech security.

If you need security that you can trust in any way, just purchase an SSL certificate. Or make your own if you want.

+4

You may be interested in this article:

+2

You can try using the Authentication Agreement Protocol (CAAP). For algorithms, I suggest using RSA and Serpent in CTR mode, with an HMAC-SHA-512 authentication code added to each message. This can be implemented with minimal knowledge, although a well-tuned SSL system is likely to be even simpler and more secure.

You can always run your own certification authority within your organization if it is not a public server. That way, SSL certificates will not cost you an arm and a leg.

+1
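The per-message construction suggested in the answer above (CTR-mode encryption with an HMAC-SHA-512 tag on every message), as an added Node.js example that is not code from any of the answers or from jCryption. It substitutes AES-256-CTR for Serpent because Node's `crypto` module does not ship Serpent, and the names `seal`, `open` and `newReceiver` and the frame layout are assumptions made for the illustration. The two keys are assumed to be shared already; how they get agreed over plain HTTP is the part this code does not protect.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed demo keys. Separate keys for encryption and authentication.
const encKey = nodeCrypto.randomBytes(32);
const macKey = nodeCrypto.randomBytes(64);
const TAG_LEN = 64; // HMAC-SHA-512 output size in bytes

// Frame layout (assumed): seq (8 bytes) || iv (16) || ciphertext || tag (64)
function seal(seq, plaintext) {
  const iv = nodeCrypto.randomBytes(16);
  const cipher = nodeCrypto.createCipheriv('aes-256-ctr', encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const header = Buffer.alloc(8);
  header.writeBigUInt64BE(BigInt(seq));
  const body = Buffer.concat([header, iv, ct]);
  // Encrypt-then-MAC: the tag covers the sequence number, IV and ciphertext.
  const tag = nodeCrypto.createHmac('sha512', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Receiver state: highest sequence number accepted so far.
function newReceiver() {
  return { lastSeq: -1n };
}

// Returns the plaintext, or null if the frame is truncated, altered or replayed.
function open(frame, state) {
  if (frame.length < 8 + 16 + TAG_LEN) return null;
  const body = frame.subarray(0, frame.length - TAG_LEN);
  const tag = frame.subarray(frame.length - TAG_LEN);
  const expected = nodeCrypto.createHmac('sha512', macKey).update(body).digest();
  // Check the tag in constant time before touching the ciphertext.
  if (!nodeCrypto.timingSafeEqual(tag, expected)) return null;
  const seq = body.readBigUInt64BE(0);
  if (seq <= state.lastSeq) return null; // replayed or reordered frame
  state.lastSeq = seq;
  const iv = body.subarray(8, 24);
  const decipher = nodeCrypto.createDecipheriv('aes-256-ctr', encKey, iv);
  const pt = Buffer.concat([decipher.update(body.subarray(24)), decipher.final()]);
  return pt.toString('utf8');
}
```

The sequence number sits under the MAC, so a captured frame cannot be resent or renumbered without the receiver rejecting it.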

jCryption intends to offer only additional protection for your sensitive data. SSL is always your primary encryption and security mechanism.

Since most websites are completely dependent on an SSL certificate for protection, new ways are being developed to crack or steal certificates. If your certificate is stolen, you are exposed to a man-in-the-middle attack. And here jCryption comes into play. A hacker still cannot have meaningful access to your sensitive data if you have secondary protection (something like two-factor authentication).

Hope this helps.

0