[wp-trac] [WordPress Trac] #3604: wp-admin Password Encryption via JavaScript
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 17 15:57:22 GMT 2007
#3604: wp-admin Password Encryption via JavaScript
-----------------------------+----------------------------------------------
 Reporter:  robertaccettura  |      Owner:  anonymous
     Type:  defect           |     Status:  new
 Priority:  low              |  Milestone:  2.2
Component:  Administration   |    Version:
 Severity:  normal           |   Keywords:  security, encrypt, tinfoilhat
-----------------------------+----------------------------------------------
A great security addition would be the ability to encrypt passwords via
JavaScript.

Advantages:
- no need to buy an SSL Cert (more affordable)
- safer for login via hotspot, etc.
- extra security measure

Should fallover so it's possible to log in without. For example:
- If JS is enabled, it should set a hidden <input/> to give the thumbs up
  for encryption.
- If JS is disabled, the <input/> remains off, and login is via insecure
  plain text.
- If server can't support it, it's off. Implementation could likely be
  done by piping to OpenSSL or an included class.

This is already done by sites like Meebo.

Example (and possible code to use, if licensing can work) here:
http://www.ohdave.com/rsa/

1024-bit RSA would be a big security gain. And this way there's no good
reason for WP users with remotely modern browsers to not be encrypting.

Bonus points if you can serialize all form data and transmit encrypted.
--
Ticket URL: <http://trac.wordpress.org/ticket/3604>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
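
The fallback negotiation described in the ticket, as an added example that is not code from the ticket, from WordPress, or from the linked RSA library. Node's crypto module stands in for both the browser script and the server; the field names, the 2048-bit key, the OAEP padding and the single-use nonce are assumptions that the ticket does not specify.

```javascript
// Added illustration; all function and field names are hypothetical.
const crypto = require('crypto');

// Server key pair. The ticket suggests 1024-bit RSA; 2048 is assumed here.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const liveNonces = new Set(); // nonces sent out with a login form and not yet used

// Server: data embedded in the login page (public key plus a fresh nonce).
function issueLoginForm() {
  const nonce = crypto.randomBytes(16).toString('hex');
  liveNonces.add(nonce);
  return { publicKey: publicKey.export({ type: 'spki', format: 'pem' }), nonce };
}

// Client: with JS enabled, encrypt nonce + password and set the hidden flag;
// with JS disabled, the flag stays empty and the password goes out as typed.
function clientSubmit(form, user, password, jsEnabled) {
  if (!jsEnabled) return { user, password, encrypted: '' };
  const plaintext = Buffer.from(JSON.stringify({ nonce: form.nonce, pwd: password }));
  const ct = crypto.publicEncrypt({ key: form.publicKey, ...OAEP }, plaintext);
  return { user, password: ct.toString('base64'), encrypted: '1' };
}

// Server: recover the password from the posted fields, or null if rejected.
function recoverPassword(post) {
  if (post.encrypted !== '1') return post.password; // plain-text fallback path
  try {
    const pt = crypto.privateDecrypt({ key: privateKey, ...OAEP },
                                     Buffer.from(post.password, 'base64'));
    const msg = JSON.parse(pt.toString('utf8'));
    // The nonce is single-use, so a captured ciphertext cannot be replayed
    // in place of the password.
    return liveNonces.delete(msg.nonce) ? msg.pwd : null;
  } catch {
    return null; // malformed ciphertext or payload
  }
}
```

This addresses passive capture of the submitted form only: without SSL the login page, its script and the public key still reach the browser unauthenticated, and the plain-text fallback path stays unprotected.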