Re: [PHP] AES client side

2006-07-31 Thread Andrei
Encrypting/decrypting data at client side (in javascript or whatever script which sends the code to the client) is useless. It's like having the data in clear at client side. I use JavaScript only to make the interface interactive. Andy Andrew Senyshyn wrote: Hi all, I need

RE: [PHP] AES client side

2006-07-31 Thread Jay Blanchard
[snip] I need to implement AES decryption algorithm on client side (in browser). I tried javascript but it is too slow. Does anybody have other ideas how to decrypt data transferred from server to client in browser? [/snip] You need to employ a Secure Sockets Layer. -- PHP General Mailing

Re: [PHP] AES client side

2006-07-31 Thread Thomas Munz
What do you need exactly? Do you wanna encrypt the data that will be transferred to the client? Or do you wanna encrypt the source code that will be displayed on the client? For reason 1 you can use SSL connection to encrypt the transferred data. For reason 2: forget it. The Browser needs to

Re: [PHP] AES client side

2006-07-31 Thread tedd
At 2:59 PM +0300 7/31/06, Andrew Senyshyn wrote: I need to implement AES decryption algorithm on client side (in browser). I tried javascript but it is too slow. Does anybody have other ideas how to decrypt data transferred from server to client in browser? Excuse my ignorance, but if you

Re: [PHP] AES client side

2006-07-31 Thread Andrei
Then get a SSL certificate and let the browser do the job. If you do it with JavaScript or open-code language why shouldn't I just take your code and sniff the data you/the browser sends and decrypt it? Andy Andrew Senyshyn wrote: Andrei wrote: Encrypting/decrypting data

Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson
Andrei wrote: Then get a SSL certificate and let the browser do the job. If you do it with JavaScript or open-code language why shouldn't I just take your code and sniff the data you/the browser sends and decrypt it? Just playing devil's advocate here...But I believe that if implemented

RE: [PHP] AES client side

2006-07-31 Thread Jay Blanchard
[snip] Just playing devil's advocate here...But I believe that if implemented properly, encryption/decryption on the client could be secure, for example a diffie-hellman key exchange with AJAX, followed by encryption. [/snip] Doesn't matter the key, you must use SSL to encrypt from client to

Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson
Jay Blanchard wrote: [snip] Just playing devil's advocate here...But I believe that if implemented properly, encryption/decryption on the client could be secure, for example a diffie-hellman key exchange with AJAX, followed by encryption. [/snip] Doesn't matter the key, you must use SSL to

RE: [PHP] AES client side

2006-07-31 Thread Jay Blanchard
[snip] Why *must* you use SSL? Again, devil's advocate here (SSL is probably much better) but that doesn't mean that you can't use some crazy JS and PHP to implement some alternative encryption technique. (Say a symmetric algorithm that isn't implemented in any standard SSL implementations, or

Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson
Jay Blanchard wrote: This still leaves any Javascript exposed, doesn't it? Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc are all publicly available, why bother hiding their JavaScript implementations? Only the data would be encrypted. jon -- PHP General Mailing

RE: [PHP] AES client side

2006-07-31 Thread Jay Blanchard
[snip] Jay Blanchard wrote: This still leaves any Javascript exposed, doesn't it? Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc are all publicly available, why bother hiding their JavaScript implementations? Only the data would be encrypted. [/snip] So, you're

RE: [PHP] AES client side

2006-07-31 Thread Kilbride, James P.
-Original Message- From: Jay Blanchard [mailto:[EMAIL PROTECTED] Sent: Monday, July 31, 2006 10:38 AM To: Jon Anderson; [php] PHP General List Subject: RE: [PHP] AES client side [snip] Why *must* you use SSL? Again, devil's advocate here (SSL is probably much better

Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson
Jay Blanchard wrote: Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc are all publicly available, why bother hiding their JavaScript implementations? Only the data would be encrypted. [/snip] So, you're suggesting that you can use Ajax or some other mechanism to hide the

RE: [PHP] AES client side

2006-07-31 Thread Jay Blanchard
[snip] There's no hiding. You could use a secure key exchange mechanism, such as Diffie-Hellman. Diffie-Hellman is used to generate a shared key between two hosts (say A and B) such that each host knows the key, but any third party listening in on the information is unable to trivially

Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson
Jay Blanchard wrote: I am quite familiar with Diffie-Hellman and have used it extensively with PGP and can see how it would be used like this, but isn't this a munged fix as opposed to using SSL? Yep. :-) There are cases (testing new algorithms, proof of concept, something I haven't thought

Re: [PHP] AES client side

2006-07-31 Thread Robin Vickery
On 31/07/06, Jon Anderson [EMAIL PROTECTED] wrote: Jay Blanchard wrote: Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc are all publicly available, why bother hiding their JavaScript implementations? Only the data would be encrypted. [/snip] So, you're suggesting that

Re: [PHP] AES client side

2006-07-31 Thread Jon Anderson
Robin Vickery wrote: How about if the third party can control one side of the transaction by altering the javascript that implements it while in transit - for instance by adding a couple of lines that transmit the key to the third party after the key exchange? If the algorithm written in