José León Serna wrote:
Have you considered using on one-way MD5 hash instead? Again, it would need JS to do the client-side hashing (so JS on the client mandatory). In the server database keep the hashed values and compare them with what the client sends.Hello: I'm looking for an RSA implementation, the ones I have found are really slow, and I just want to:generatekey decrypt the encryptfunction will be done in javascript, it's for a login system without SSL.
Keeping the hashed values in the database is more secure than unencrypted passwords, and you don't want to look at users' passwords anyway, do you?
Just a thought, in case you had not yet considered it. The archives from a week or so ago will have something on this, I remember it being discussed.
HTH
Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
