> Here you are giving me contradictory messages. First you said that even using a library is not a good idea to do it yourself and then you told me that you are going to use an existing library. Which is the correct approach?

Sorry for the confusion. The SJCL is just a library of basic crypto functions. User authentication can be built on top of it. I was recommending using a library that provides user authentication, rather than hand-rolling user authentication on top of SJCL.

Best wishes

Jeremy

On Tue, Dec 2, 2014 at 2:53 PM, Danielo Rodríguez <[email protected]> wrote:

> Hello Jeremy, thank you for your answer.
>
> On Tuesday, 2 December 2014 15:33:32 UTC+1, Jeremy Ruston wrote:
>>
>> Hi Danielo
>>
>> In the scenario you outline one normally wouldn't encrypt the password hash in transit to the server, instead just passing the salted password hash and relying on SSL for transit security.
>
> I just wanted to add an extra layer of security. Do you know an easy way to make a hash of a password? Maybe with the mentioned library?
>
>> This article is quite a good summary of the issues involved in creating and handling password hashes:
>>
>> https://crackstation.net/hashing-security.htm
>
> Thank you, I'll check it out.
>
>> Generally, I'd suggest being very cautious in the area of encryption. Usually, we program by hacking and modifying our code iteratively until it appears to work. That approach flat-out doesn't work with encryption. It's incredibly easy for inexperienced people to inadvertently introduce weaknesses into a security protocol. Using standard algorithms like the Stanford JavaScript Library doesn't help much because it is so easy to use those algorithms incorrectly.
>
> I have to agree with that, but I want to give at least some basic security.
>
>> Speaking for myself, I've considered implementing password security in TW but decided to avoid it because I don't think I'm qualified to do so. My strategy would be to use an existing library which has been tested and verified by others.
>
> Here you are giving me contradictory messages. First you said that even using a library is not a good idea to do it yourself and then you told me that you are going to use an existing library. Which is the correct approach?

--
Jeremy Ruston
mailto:[email protected]
