Robin Vickery wrote:
How about if the third party can control one side of the transaction
by altering the javascript that implements it while in transit - for
instance by adding a couple of lines that transmit the key to the
third party after the key exchange?
If the algorithm written in JavaSc
On 31/07/06, Jon Anderson <[EMAIL PROTECTED]> wrote:
Jay Blanchard wrote:
> Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc
> are all publicly available, why bother hiding their JavaScript
> implementations? Only the data would be encrypted.
> [/snip]
>
> So, you're suggesti
Jay Blanchard wrote:
I am quite familiar with Diffie-Hellman and have used it extensively with
PGP and can see how it would be used like this, but isn't this a munged
fix as opposed to using SSL?
Yep. :-)
There are cases (testing new algorithms, proof of concept, something I
haven't thought
[snip]
There's no "hiding". You could use a secure key exchange mechanism, such
as Diffie-Hellman.
Diffie-Hellman is used to generate a shared key between two hosts (say
"A" and "B") such that each host knows the key, but any third party
listening in on the information is unable to trivially re
Jay Blanchard wrote:
Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc
are all publicly available, why bother hiding their JavaScript
implementations? Only the data would be encrypted.
[/snip]
So, you're suggesting that you can use Ajax or some other mechanism to
hide the k
> -Original Message-
> From: Jay Blanchard [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 31, 2006 10:38 AM
> To: Jon Anderson; [php] PHP General List
> Subject: RE: [PHP] AES client side
>
> [snip]
> Why *must* you use SSL? Again, devil's advocate here (S
[snip]
Jay Blanchard wrote:
> This still leaves any Javascript exposed, doesn't it?
>
Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc
are all publicly available, why bother hiding their JavaScript
implementations? Only the data would be encrypted.
[/snip]
So, you're sugg
Jay Blanchard wrote:
This still leaves any Javascript exposed, doesn't it?
Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc
are all publicly available, why bother hiding their JavaScript
implementations? Only the data would be encrypted.
jon
--
PHP General Mailing Lis
[snip]
Why *must* you use SSL? Again, devil's advocate here (SSL is probably
much better) but that doesn't mean that you can't use some crazy JS and
PHP to implement some alternative encryption technique. (Say a symmetric
algorithm that isn't implemented in any standard SSL implementations, or
Jay Blanchard wrote:
[snip]
Just playing devil's advocate here...But I believe that if implemented
properly, encryption/decryption on the client could be secure, for
example a diffie-hellman key exchange with AJAX, followed by encryption.
[/snip]
Doesn't matter the key, you must use SSL to en
[snip]
Just playing devil's advocate here...But I believe that if implemented
properly, encryption/decryption on the client could be secure, for
example a diffie-hellman key exchange with AJAX, followed by encryption.
[/snip]
Doesn't matter the key, you must use SSL to encrypt from client to
ser
Andrei wrote:
Then get an SSL certificate and let the browser do the job. If you do it
with JavaScript or open-code language why shouldn't I just take your
code and sniff the data you/the browser sends and decrypt it?
Just playing devil's advocate here...But I believe that if implemented
Then get an SSL certificate and let the browser do the job. If you do it
with JavaScript or open-code language why shouldn't I just take your
code and sniff the data you/the browser sends and decrypt it?
Andy
Andrew Senyshyn wrote:
> Andrei wrote:
>> Encrypting/decrypting dat
At 2:59 PM +0300 7/31/06, Andrew Senyshyn wrote:
I need to implement AES decryption algorithm on client side (in browser).
I tried javascript but it is too slow.
Does anybody have other ideas how to decrypt data transferred
from server to client in browser?
Excuse my ignorance, but if you s
What do you need exactly?
Do you wanna encrypt the data that will be transferred to the client
Or
do you wanna encrypt the source code that will be displayed on the client?
For reason 1 you can use SSL connection to encrypt the transferred data.
For reason 2: forget it. The Browser needs to kn
[snip]
I need to implement AES decryption algorithm on client side (in
browser).
I tried javascript but it is too slow.
Does anybody have other ideas how to decrypt data transferred from
server to client in browser?
[/snip]
You need to employ a Secure Sockets Layer.
--
PHP General Mailing Lis
Encrypting/decrypting data at client side (in javascript or whatever
script which sends the code to the client) is useless. It's like having
the data "in clear" at client side. I use JavaScript only to make the
interface "interactive".
Andy
Andrew Senyshyn wrote:
> Hi all,
>
>
Hi all,
I need to implement AES decryption algorithm on client side (in browser).
I tried javascript but it is too slow.
Does anybody have other ideas how to decrypt data transferred from
server to client in browser?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: h