Posts

Showing posts from November 14, 2018

How to secure passwords over HTTP?

Image
up vote 24 down vote favorite 7 Say my password is abc . I want to send it to the server over HTTP. I could send it in plaintext and let the server hash it and compare it to the entries in its database, but then anyone that can see traffic over that connection would see the password in plain text. So then I could hash it client-side and let the server just compare it without hashing since it's already hashed (or the server could even double hash, but no difference in this situation). But then again anyone that can see the traffic would see the password hashed, and then send the hashed password to the server and the server would accept it. How do I send passwords over HTTP? Do I need to implement some encryption algorithm like RSA public key encryption? Or is this impossible? The method should be usable in any browser. ...