Jay Blanchard wrote:
Yes, but that shouldn't matter. The algorithms for RSA, AES, etc, etc
are all publicly available, why bother hiding their JavaScript
implementations? Only the data would be encrypted.
[/snip]
So, you're suggesting that you can use Ajax or some other mechanism to
hide the key on the server?
There's no "hiding". You could use a secure key exchange mechanism, such
as Diffie-Hellman.
Diffie-Hellman is used to generate a shared key between two hosts (say
"A" and "B") such that each host knows the key, but any third party
listening in on the information is unable to trivially reconstruct the key.
See: http://en.wikipedia.org/wiki/Diffie-Hellman
jon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
