On 5/6/2010 9:00 AM, PsychoBilly wrote: > http://www.jcryption.org/
A perfect example of what doesn't work. >From the site: > Normally if you submit a form and you don’t use SSL, your data will be sent > in plain text. > But SSL is neither supported by every webhost nor it’s easy to install/apply > sometimes. Setting up a secure site is too hard, what to do?! Last I heard, millions of sites had succeeded in setting up SSL. > So I created this plug-in in order that you are able to encrypt your data > fast and simple. > jCryption uses the public-key algorithm of RSA for the encryption. > > jCryption at it’s current state is no replacement for SSL, because there is > no authentication, Ok, what good is it then? Adversary simply modifies your page in transit to not use the 'jcryption', or to leak him a copy of the session key. This kind of thing will only deter people who don't know any better or people with little motivation to care about your data anyway. Using it is only an admission that you are either incompetent or don't have anything worth the slightest effort to steal. - Marsh _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
