> At 9:34 AM +1000 on 5/3/99, Adrian Sutton wrote:
> 
> >Adrian:  How would you implement it so that the passwords remain
> >safe while the cgi can be placed in the downloads folder (so others
> >can make changes, bug fixes etc)?
> 
> DeRobertis: One needs to encode passwords with a non-reversible function.

Adrian: I have researched this a little now.  I found the RSA Public-key
Cryptography system and have implemented it into the, now 
almost completed, cgi.  Also, every function has a reversible 
element to it, some are just extremely difficult to find.  The RSA 
system is based on the difficulty of factoring.  In the end it comes 
down to using the formula:

E(x) = x^e mod n

where x is the number to encrypt, n is the product of any two prime 
numbers and e*d = 1 (mod φ(n)).  d and e can be any numbers that make 
this formula true.  p, q and d are kept private while e and n are 
public.  Nowhere in the cgi are the numbers p, q and d mentioned; 
there is no decrypt function.
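
The encoding described in the message above, as an added example that is not part of the original post or the cgi: it stores E(x) = x^e mod n and checks a login by re-encoding. It also shows that the result is deterministic and that whoever holds d can reverse it, set beside a salted PBKDF2 record for contrast. The toy primes, e = 65537, the PBKDF2 comparison and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed toy key (assumption): two Mersenne primes, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                  # public modulus n
E = 65537                  # public exponent e
PHI = (P - 1) * (Q - 1)    # phi(n); private, like p and q
D = pow(E, -1, PHI)        # private d with e*d = 1 (mod phi(n)); not shipped with the cgi


def rsa_encode(password):
    """E(x) = x^e mod n, using only the public values e and n."""
    x = int.from_bytes(password.encode("utf-8"), "big")
    if not 0 < x < N:
        raise ValueError("password does not fit below n")
    return pow(x, E, N)


def rsa_check(password, stored):
    """Login check with no decrypt step: re-encode the attempt and compare."""
    try:
        return rsa_encode(password) == stored
    except ValueError:
        return False


def rsa_decode(stored):
    """What the holder of d can do: the 'reversible element' of the function."""
    x = pow(stored, D, N)
    return x.to_bytes((x.bit_length() + 7) // 8, "big").decode("utf-8")


def kdf_record(password, salt=None, rounds=200_000):
    """Salted PBKDF2-HMAC-SHA256 record (salt, digest): equal passwords differ on disk."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, digest


def kdf_check(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record
    return hmac.compare_digest(kdf_record(password, salt)[1], digest)
```

Because `rsa_encode` needs only the public e and n, two accounts with the same password get the same stored value, which is what the per-record salt in `kdf_record` prevents.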
