Again, the problem, especially with using key-based encryption algorithms
like RSA, is that you have to have the public and private keys in order to
perform the encryption/decryption.  Encryption isn't the problem, since you
can encrypt the password or field just using the public keys.  The problem
lies when you need to decrypt the cipher, which requires using a private
key, which is really hard to make private if you have a .js file out on the
web that contains this key.  To make this more clear, if you have a
JavaScript program that is running on a user's browser, then to decrypt a
cipher, that program will have to read the private key from somewhere on the
web.  Hence, anyone who can run this JavaScript can also view the
private key necessary to decrypt the cipher. Obviously this is not very
secure. I guess one workaround for this would be to store the private key on
the client (via a cookie -- document.cookie manipulation) and always decrypt
using the private key stored on the client.  I've never attempted this,
however, so if you can get a prototype working, that would be very
interesting.
--JC


----- Original Message -----
From: "Doug Melvin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; "Dynapi-Help"
<[EMAIL PROTECTED]>
Sent: Thursday, November 29, 2001 3:07 PM
Subject: Re: [Dynapi-Help] theoretical javascript question


> Two words:
> RSA encryption.
> http://www.orst.edu/dept/honors/makmur/
>
> ----- Original Message -----
> From: "Jonah" <[EMAIL PROTECTED]>
> To: "Dynapi-Help" <[EMAIL PROTECTED]>
> Sent: Thursday, November 29, 2001 2:31 PM
> Subject: [Dynapi-Help] theoretical javascript question
>
>
> > Would it be possible, in theory, to securely validate a password client
> > side?
> >
> > Obviously, simple string matching would not work because the client
> > could view the source to find the correct password.
> >
> > But I have this vague notion (my upper level math skills are very
> > rusty):
> >
> > Parsing the password up into characters perhaps, converting the chars
> > to numbers, and then passing the numbers into the variables of a set
> > of non-linear equations that must be solved simultaneously (in
> > JavaScript, a set of functions that must return true simultaneously).
> > I have no idea how you could generate the necessary difficult-to-solve
> > set of equations given a particular password, but am curious to know
> > if such an approach is viable even in theory.  Anyone have any ideas?
> >
> > Thanks,
> > Jonah
> >
> >
> > _______________________________________________
> > Dynapi-Help mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/dynapi-help
>
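
The point made at the top of this thread, that encrypting needs only the public key while decrypting needs a private key the page must not carry, shown as an added example that is not part of the original messages. It uses Node.js `crypto` so it runs offline; the function names and the sample password are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// RSA-OAEP parameters shared by both sides (an assumption of this example).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server side, done once. Only publicKey is ever placed in the served .js file.
function makeServerKeys() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// What the page's script does: encrypt the field with the public key it was served.
function clientEncrypt(publicPem, password) {
  return crypto.publicEncrypt({ key: publicPem, ...OAEP }, Buffer.from(password, 'utf8'));
}

// What anyone reading the page source holds: public material only.
// Decryption with it fails, so the ciphertext stays opaque on the client.
function decryptWithPublicMaterial(publicPem, ciphertext) {
  try {
    return crypto.privateDecrypt({ key: publicPem, ...OAEP }, ciphertext).toString('utf8');
  } catch (err) {
    return null; // a public key cannot be loaded as a private key
  }
}

// Server side: the private key stays here, so the comparison happens here too.
function serverDecrypt(privatePem, ciphertext) {
  return crypto.privateDecrypt({ key: privatePem, ...OAEP }, ciphertext).toString('utf8');
}

// Constructed round trip.
const keys = makeServerKeys();
const sent = clientEncrypt(keys.publicKey, 'sample-password');
console.log('client-side decrypt:', decryptWithPublicMaterial(keys.publicKey, sent));
console.log('server-side decrypt:', serverDecrypt(keys.privateKey, sent));
```

If the private PEM were embedded in the served script instead, `serverDecrypt` would work for every visitor, which is the exposure the message describes.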
