On Fri, 2002-11-22 at 02:09, Andoni wrote:
> It's all qualified.  As the first response to your question said, it
> completely depends on what you want to do and how secure you want things to
> be.  If you just use the <input type="password">  then your password will be
> sent over the web in plain text.  That is only of any use for people looking
> over the user's shoulder, but if that's all you think you need then go
> ahead.  I would put it something like this:
> 
> Weak:
> 
> <input type="password"> only.  => no encryption. This should always be done
> anyway.
> 
> MD5 (or other 1-way encryption) at server => plain text while in transit to
> server but useless to hacker of your system.
> 
> MD5 in JavaScript => encrypted while being sent but the same hash can be
> sent by others so not perfect.
> 
> SSL => Fully Encrypted connection between browser and server.
> 
> Strong:
> 
> Hopefully others will suggest other methods and add to my scale.

There are three possible factors to authentications: Something you know
(a password), something you have (a token) and something you are
(biometric).  In theory, the strongest is to use all three factors.
Passwords sent over the net (even with ssl) are the weakest.  People
pick weak passwords, passwords can be snooped, etc.  Biometrics look
cool but in practice they are not nearly as effective as they look
in the movies.  Something you have, a token, is very effective if used
properly.  There are quite a few tokens out there which simply have a
DES key inside.  The user activates the token with a PIN.  The server
sends a challenge string.  The user types in the challenge, and the card
encrypts it, and the user types that in to the web form and is
authenticated.  Other tokens actually do a full RSA process.  It's easy
to do, cheap, and vastly more secure than passwords.  Of course, every
year billions of dollars are transacted with credit cards, which have
basically no real security mechanisms, but they just pass the costs on
to customers and taxpayers....  Conversely, a lot of sites that have
minimal security needs (a casual messageboard site, for example) have
excessive security (they don't allow you to recover lost passwords
easily, etc).  Security decisions are business decisions, or at least
they should be.
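
The two rungs the thread contrasts, the replayable "MD5 in JavaScript" login and the challenge-response token login, side by side as an added example (not code from either poster). It assumes a token that answers a server challenge with an HMAC-SHA256 over a shared key, standing in for the DES encryption described above; the credentials, key and PIN are constructed sample values.

```python
"""Password digest vs. challenge-response: why one replays and the other does not."""
import hashlib
import hmac
import secrets


# --- Rung 1: "MD5 in JavaScript". The browser hashes the password and sends the
# digest; the server stores that digest and compares. The digest is a fixed
# value, so whoever captures it once can resend it: the login is replayable.
def client_side_md5(password: str) -> str:
    """What the browser-side script would compute (constructed stand-in)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


class StaticHashServer:
    def __init__(self, users: dict[str, str]) -> None:
        self._users = users  # username -> stored MD5 digest

    def login(self, username: str, submitted_digest: str) -> bool:
        expected = self._users.get(username)
        return expected is not None and hmac.compare_digest(expected, submitted_digest)


# --- Rung 2: challenge-response with a token. The shared secret never leaves
# the token; only a response bound to a one-time challenge crosses the wire.
# HMAC-SHA256 stands in for the DES encryption in the post (assumption).
class Token:
    def __init__(self, key: bytes, pin: str) -> None:
        self._key = key
        self._pin = pin

    def respond(self, pin: str, challenge: str) -> str:
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")  # PIN activates the token
        mac = hmac.new(self._key, challenge.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()[:16]  # truncated so a person can type it


class ChallengeResponseServer:
    def __init__(self, keys: dict[str, bytes]) -> None:
        self._keys = keys  # username -> token key held server-side
        self._pending: dict[str, str] = {}

    def challenge(self, username: str) -> str:
        chal = secrets.token_hex(8)  # fresh, unpredictable challenge per attempt
        self._pending[username] = chal
        return chal

    def verify(self, username: str, response: str) -> bool:
        chal = self._pending.pop(username, None)  # one-shot: a challenge is consumed on use
        key = self._keys.get(username)
        if chal is None or key is None:
            return False
        expected = hmac.new(key, chal.encode("utf-8"), hashlib.sha256).hexdigest()[:16]
        return hmac.compare_digest(expected, response)


def replay_outcomes() -> dict[str, bool]:
    """Capture one legitimate login under each scheme, then resend it as-is."""
    # Constructed sample credentials; not real secrets.
    password = "correct horse"
    key = bytes.fromhex("00112233445566778899aabbccddeeff")

    s1 = StaticHashServer({"alice": client_side_md5(password)})
    captured_digest = client_side_md5(password)  # what a sniffer would see on the wire
    assert s1.login("alice", captured_digest)     # genuine login
    static_replay = s1.login("alice", captured_digest)

    s2 = ChallengeResponseServer({"alice": key})
    tok = Token(key, pin="1234")
    chal = s2.challenge("alice")
    captured_resp = tok.respond("1234", chal)     # what a sniffer would see on the wire
    assert s2.verify("alice", captured_resp)      # genuine login
    s2.challenge("alice")                         # next attempt gets a fresh challenge
    cr_replay = s2.verify("alice", captured_resp)

    return {
        "static_hash_replay_succeeds": static_replay,        # True
        "challenge_response_replay_succeeds": cr_replay,     # False
    }


if __name__ == "__main__":
    print(replay_outcomes())
```

The point the scale above makes is visible in the return value: the client-side digest is accepted every time it is resent, while the token response is tied to a challenge the server has already discarded. Note that the challenge-response server still holds each token's key, so that key store needs the same protection the earlier posts wanted for server-side password hashes.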
