according to that link you sent me, decryption is done with the private key.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Doug Melvin Sent: Thursday, November 29, 2001 2:03 PM To: Josh Chu; [EMAIL PROTECTED]; Dynapi-Help Subject: Re: [Dynapi-Help] theoretical javascript question uh, private key? the private key is PRIVATE.. you use the public key to decrypt. Simply put, aside from SSH and SSL, I don't believe you will find a better solution. Sorry. That is just _my_ opinion tho. :-) ----- Original Message ----- From: "Josh Chu" <[EMAIL PROTECTED]> To: "Doug Melvin" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; "Dynapi-Help" <[EMAIL PROTECTED]> Sent: Thursday, November 29, 2001 4:58 PM Subject: Re: [Dynapi-Help] theoretical javascript question > Again the problem , especially with using key-based encryption algorithms > like RSA, is that you have to have the public and private keys in order to > perform the encryption/decryption. Encryption isn't the problem, since you > can encrypt the password or field just using the public keys. The problem > lies when you need to decrypt the cipher, which requires using a private > key, which is really hard to make private if you have a .js file out on the > web that contains this key. To make this more clear, if you have a > javascript program that is running on a users browser, then to decrypt a > cipher, that program will have to read the private key from somewhere on the > web. Hence, anyone who can run this javascript can also do view the > private key necessary to decrypt the cipher. Obviously this is not very > secure. I guess one workaround for this would be to store the private key on > the client (via a cookie -- document.cookie manipulation) and always decrypt > using the private key stored on the client. I've never attempted this > however, so if you can get a prototype working, that would be very > interesting. > --JC > > > ----- Original Message ----- > From: "Doug Melvin" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; "Dynapi-Help" > <[EMAIL PROTECTED]> > Sent: Thursday, November 29, 2001 3:07 PM > Subject: Re: [Dynapi-Help] theoretical javascript question > > > > two words: > > RSA encription. > > http://www.orst.edu/dept/honors/makmur/ > > > > ----- Original Message ----- > > From: "Jonah" <[EMAIL PROTECTED]> > > To: "Dynapi-Help" <[EMAIL PROTECTED]> > > Sent: Thursday, November 29, 2001 2:31 PM > > Subject: [Dynapi-Help] theoretical javascript question > > > > > > > Would it be possible, in theory, to securely validate a password client > > > side? > > > > > > Obviously, simple string matching would not work because the client > could > > > view the source to find the correct password. > > > > > > But I have this vague notion (my upper level math skills are very > rusty): > > > > > > Parsing the password up into characters perhaps, converting the chars > > > to numbers, and then passing the numbers into the variables of a set > > > of non-linear equations that must be solved simulataneously (in > > javascript, > > > a set of functions that must return true simultaneously). I have no > idea > > > how you could generate the necessary difficult-to-solve set of equations > > > given a particular password, but am curious to know if such an approach > > > is viable even in theory. Anyone have any ideas? > > > > > > Thanks, > > > Jonah > > > > > > > > > _______________________________________________ > > > Dynapi-Help mailing list > > > [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help > > > > > > _______________________________________________ > > Dynapi-Help mailing list > > [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/dynapi-help > > _______________________________________________ Dynapi-Help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dynapi-help _______________________________________________ Dynapi-Help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dynapi-help
