RE: [PHP-WIN] How to pass passwd Server <-> Client in a "secure" way

2002-06-11 Thread Michael Davey
So why are you asking this question to a PHP list? > -Original Message- > From: Svensson, B.A.T. (HKG) [mailto:[EMAIL PROTECTED]] > Sent: 11 June 2002 15:44 > To: [EMAIL PROTECTED] > Cc: Php Win32 list > Subject: RE: [PHP-WIN] How to pass passwd Server <-> Cl

RE: [PHP-WIN] How to pass passwd Server <-> Client in a "secure" way

2002-06-11 Thread Svensson, B.A.T. (HKG)
> Have you looked and the Challenge-Response Authentication stuff in phplib? > > Just a thought... Thanks for your tips. I am aware of it, but I can't (currently) use php because of policy decisions. Also I realize that I need to make an errata on my quote from Monday, June 10, 2002 15:49: "And

RE: [PHP-WIN] How to pass passwd Server <-> Client in a "secure" way

2002-06-11 Thread Svensson, B.A.T. (HKG)
Thanks for your feedback Scott! > You should also keep in mind that it's exceedingly dangerous > to "re-invent the wheel" when it comes to cryptography. Heavily > peer-reviewed algorithms (which are not always the most secure) > are always your best bet. I don't intend to do that: I just want t

Re: [PHP-WIN] How to pass passwd Server <-> Client in a "secure" way

2002-06-10 Thread Scott Hurring
You should also keep in mind that it's exceedingly dangerous to "re-invent the wheel" when it comes to cryptography. Heavily peer-reviewed algorithms (which are not always the most secure) are always your best bet. Even though SSL isn't the best overall option for 100% total security, if you go

RE: [PHP-WIN] How to pass passwd Server <-> Client in a "secure" way

2002-06-10 Thread Ross Fleming
Anders, what's wrong with SSL? It uses both the cipher suites you mention (DES is no longer deemed "secure" by the way, 3DES is the way to go, and you can't use DES on its own, since you need to exchange your private keys somehow, hence they must encrypted with a public key). 3DES is faster than

RE: [PHP-WIN] How to pass passwd Server <-> Client in a "secure" way

2002-06-10 Thread Svensson, B.A.T. (HKG)
> > But before I start all this implementation, I wonder what other > > kinds of solution other might have been using - I would prefer > > not to have scripts running on the client side, but a public > > key system force me to do this. (And I can use php, so it > > pointless to refer to any php sp

Re: [PHP-WIN] How to pass passwd Server <-> Client in a "secure" way

2002-06-10 Thread Stuart Dallas
Monday, June 10, 2002, 2:49:14 PM, you wrote: > But before I start all this implementation, I wonder what other > kinds of solution other might have been using - I would prefer > not to have scripts running on the client side, but a public > key system force me to do this. (And I can use php, so i