PHP login system with RSA algorithm

Question

PHP login system with RSA algorithm

I am currently connecting a login system with an RSA class (a class that is an implementation of the RSA algorithm in PHP). I read some information about this algorithm, although I have some doubts about it and hope someone can clarify them.

RSA works with two keys - public and private, both are generated using an algorithm. Are these keys generated only once and then included in the site code (one for the administrator and one on the user site)?

The main idea of its implementation is to place let say login.php on the site with the code entry form, public key, and when the login and password are sent for verification, encrypt them using the public key. On the server side, this message will be decrypted using the private key and checked to see if the information is correct and the true / false error information is sent. Can you tell me how safe and proper to use it?

+3

security php login

sebap123 Apr 21 '12 at 21:51

source share

3 answers

, - HTTPS. , , . , JavaScript. JavaScript .

- -, , . - .

- HTTPS .

+2

Stanislav Palatnik 21 . '12 22:21

If you want the transfer to be safe, you cannot use the server-side scripting language for it. Encryption and decryption will first occur when the cleartext password reaches the server, which gives the listener a good time to intercept. You can use the RSA javascript implementation to encrypt the client part of the password, and then php on the server side to decrypt it.

You will have a public key for encryption and a private key on the server for decryption.

0

Mads Apr 21 '12 at 22:11

source share

Dyin · Accepted Answer · 2012-04-21T22:18:12+0000

HTTPS , . , Javascript . , (HTTPS) - , , , .

PHP login system with RSA algorithm

More articles: