woops, you are correct. ----- Original Message ----- From: "Jonah" <[EMAIL PROTECTED]> To: "Dynapi-Help" <[EMAIL PROTECTED]> Sent: Thursday, November 29, 2001 5:30 PM Subject: RE: [Dynapi-Help] theoretical javascript question
> according to that link you sent me, decryption is done with the private key. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Doug Melvin > Sent: Thursday, November 29, 2001 2:03 PM > To: Josh Chu; [EMAIL PROTECTED]; Dynapi-Help > Subject: Re: [Dynapi-Help] theoretical javascript question > > > uh, private key? the private key is PRIVATE.. > you use the public key to decrypt. > > Simply put, aside from SSH and SSL, I don't believe you will find a better > solution. > Sorry. > That is just _my_ opinion tho. > :-) > ----- Original Message ----- > From: "Josh Chu" <[EMAIL PROTECTED]> > To: "Doug Melvin" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]>; "Dynapi-Help" > <[EMAIL PROTECTED]> > Sent: Thursday, November 29, 2001 4:58 PM > Subject: Re: [Dynapi-Help] theoretical javascript question > > > > Again the problem , especially with using key-based encryption algorithms > > like RSA, is that you have to have the public and private keys in order to > > perform the encryption/decryption. Encryption isn't the problem, since > you > > can encrypt the password or field just using the public keys. The problem > > lies when you need to decrypt the cipher, which requires using a private > > key, which is really hard to make private if you have a .js file out on > the > > web that contains this key. To make this more clear, if you have a > > javascript program that is running on a users browser, then to decrypt a > > cipher, that program will have to read the private key from somewhere on > the > > web. Hence, anyone who can run this javascript can also do view the > > private key necessary to decrypt the cipher. Obviously this is not very > > secure. I guess one workaround for this would be to store the private key > on > > the client (via a cookie -- document.cookie manipulation) and always > decrypt > > using the private key stored on the client. I've never attempted this > > however, so if you can get a prototype working, that would be very > > interesting. > > --JC > > > > > > ----- Original Message ----- > > From: "Doug Melvin" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]>; "Dynapi-Help" > > <[EMAIL PROTECTED]> > > Sent: Thursday, November 29, 2001 3:07 PM > > Subject: Re: [Dynapi-Help] theoretical javascript question > > > > > > > two words: > > > RSA encription. > > > http://www.orst.edu/dept/honors/makmur/ > > > > > > ----- Original Message ----- > > > From: "Jonah" <[EMAIL PROTECTED]> > > > To: "Dynapi-Help" <[EMAIL PROTECTED]> > > > Sent: Thursday, November 29, 2001 2:31 PM > > > Subject: [Dynapi-Help] theoretical javascript question > > > > > > > > > > Would it be possible, in theory, to securely validate a password > client > > > > side? > > > > > > > > Obviously, simple string matching would not work because the client > > could > > > > view the source to find the correct password. > > > > > > > > But I have this vague notion (my upper level math skills are very > > rusty): > > > > > > > > Parsing the password up into characters perhaps, converting the chars > > > > to numbers, and then passing the numbers into the variables of a set > > > > of non-linear equations that must be solved simulataneously (in > > > javascript, > > > > a set of functions that must return true simultaneously). I have no > > idea > > > > how you could generate the necessary difficult-to-solve set of > equations > > > > given a particular password, but am curious to know if such an > approach > > > > is viable even in theory. Anyone have any ideas? > > > > > > > > Thanks, > > > > Jonah > > > > > > > > > > > > _______________________________________________ > > > > Dynapi-Help mailing list > > > > [EMAIL PROTECTED] > > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help > > > > > > > > > _______________________________________________ > > > Dynapi-Help mailing list > > > [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/dynapi-help > > > > > > _______________________________________________ > Dynapi-Help mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/dynapi-help > > > _______________________________________________ > Dynapi-Help mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/dynapi-help _______________________________________________ Dynapi-Help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dynapi-help
