Ajax Login: Password Encryption

ScubaSteve · Jun 7, 2011 · Viewed 13.3k times

I am using jQuery Ajax to login a user. Right now, I use JS to grab the values from the username and password textboxes and send them to an aspx page which checks the credentials. It then returns JSON letting the user know if they are logged in or not. Everything works well, but I noticed while using Firebug that the password was being sent in plain text.

What is the best way to encrypt the password? (BTW, I am not on a HTTPS server)

Answer

webwurst · Jul 19, 2011

Bcrypt could be your friend. And there is also an implementation in JavaScript named jsBCrypt. I highly recommend reading this insightful article: Storing passwords in uncrackable form.

But: Be careful! If you do not use SSL or a server-provided nonce, you may be vulnerable to man-in-the-middle attacks. If someone reads the (unencrypted) traffic between your client and the server, he gets the encrypted password. And it is enough for him to use it to authenticate against the server whenever he wants without knowing the real password.