To be really useful this class should have attached or referenced a javascript function or class that does exactly the same encryption/decryption .
Then the client can encrypt the password and send it to the server with out the "man in the middle" being able to read it.
Yes I know about SSL and such but there are MANY time I'm locked into a non secure site and would still like to ensure passwords were not comprimised.
An addition would be to have the server send down the "salt" for the javascrip client to encrypt and send back.
The server / client set would have very healthy security.
I am not a security guy just some newbie PHP hacker. |
Stumble It!
Bookmark in del.icio.us
