Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: Ecryption?

by IndyZ (Friar)
on Feb 18, 2001 at 01:01 UTC ( [id://59158]=note: print w/replies, xml ) Need Help??


in reply to Ecryption?

Even if we follow Coyote's advice and use session keys, there are still security implications. When the user first sends his password, it will be plaintext. Anybody between your user and the webmail server could pull the password off of the network.

The only universally supported system that I can think of is SSL. 128-bit encryption is way better than hashing passwords or using session keys. In theory, you shouldn't even need to use session keys (but you should, because two layers of security are better than one). Plus, with SSL, everything is encrypted, so your users network can't be sniffed to find out the content of messages (but the mailservers can).

To wrap it up, session keys have worked, and still do, SSL encryption is better, but nothing is perfect. A determined cracker could probably still get access to the contents of your user's mail, but you will be making it a lot harder for him.

--
IndyZ

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://59158]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others perusing the Monastery: (7)
As of 2024-03-28 22:06 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found