Password encryption at client side [duplicate]

by

This won’t be secure, and it’s simple to explain why:

If you hash the password on the client side and use that token instead of the password, then an attacker will be unlikely to find out what the password is.

But, the attacker doesn’t need to find out what the password is, because your server isn’t expecting the password any more – it’s expecting the token. And the attacker does know the token because it’s being sent over unencrypted HTTP!

Now, it might be possible to hack together some kind of challenge/response form of encryption which means that the same password will produce a different token each request. However, this will require that the password is stored in a decryptable format on the server, something which isn’t ideal, but might be a suitable compromise.

And finally, do you really want to require users to have javascript turned on before they can log into your website?

In any case, SSL is neither an expensive or especially difficult to set up solution any more

More Related Contents:

  1. Bad Value for attribute href in a in jsp
  2. Download a file by jQuery.Ajax
  3. Access Java / Servlet / JSP / JSTL / EL variables in JavaScript
  4. CasperJS/PhantomJS doesn’t load https page
  5. Call Servlet and invoke Java code from JavaScript along with parameters
  6. How to create an HTTPS server in Node.js?
  7. How to escape JavaScript in JSP?
  8. Where do you include the jQuery library from? Google JSAPI? CDN?
  9. Is there a way to get SSL certificate details using JavaScript?
  10. node-request – Getting error “SSL23_GET_SERVER_HELLO:unknown protocol”
  11. How to set the JSTL variable value in javascript?
  12. Within a web browser, is it possible for JavaScript to obtain information about the HTTPS Certificate being used for the current page?
  13. HTML Alignment Issue in one machine only (both IE8)
  14. Better way to prevent browser caching of JavaScript files
  15. nodejs – error self signed certificate in certificate chain
  16. How do you get the contextPath from JavaScript, the right way?
  17. Asynchronous file upload (AJAX file upload) using jsp and javascript [duplicate]
  18. How can i access javascript variables in JSP?
  19. How to disable submit button once it has been clicked?
  20. Page loaded over HTTPS but requested an insecure XMLHttpRequest endpoint
  21. How to use scriptlet inside javascript
  22. AJAX, Subdomains, and SSL
  23. Regex for checking that at least 3 of 4 different character groups exist
  24. Populating JavaScript Array from JSP List
  25. Verify user password in Meteor
  26. Set Jquery ui active tab on page load/reload
  27. Permission denied to access property in IFRAME
  28. Disable drop paste in HTML input fields? [duplicate]
  29. Not allowed to load local resource: file
  30. How to read an excel file contents on client side?

Leave a Comment