[wp-trac] [WordPress Trac] #3604: wp-admin Password Encryption via JavaScript

WordPress Trac wp-trac at lists.automattic.com
Wed Jan 17 15:57:22 GMT 2007


#3604: wp-admin Password Encryption via JavaScript
-----------------------------+----------------------------------------------
 Reporter:  robertaccettura  |       Owner:  anonymous                    
     Type:  defect           |      Status:  new                          
 Priority:  low              |   Milestone:  2.2                          
Component:  Administration   |     Version:                               
 Severity:  normal           |    Keywords:  security, encrypt, tinfoilhat
-----------------------------+----------------------------------------------
 A great security addition would be the ability to encrypt passwords via
 JavaScript.

 Advantages:
 - no need to buy an SSL Cert (more affordable)
 - safer for login via hotspot, etc.
 - extra security measure

 Should fallover so it's possible to log in without.  For example:

 - If JS is enabled, it should set a hidden <input/> to give the thumbs up
 for encryption.
 - If JS is disabled, the <input/> remains off, and login is via insecure
 plain text.
 - If server can't support it, it's off.  Implementation could likely be
 done by piping to OpenSSL or an included class.

 This is already done by sites like Meebo.

 Example (and possible code to use, if licensing can work) here:
 http://www.ohdave.com/rsa/

 1024-bit RSA would be a big security gain.  And this way there's no good
 reason for WP users with remotely modern browsers to not be encrypting.

 Bonus points if you can serialize all form data and transmit encrypted.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3604>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
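
The fallback negotiation described in the ticket, as an added example that is not part of the original ticket or of WordPress code; the browser side is simulated with Node.js `crypto`. The field names `user`, `pwd` and `pwd_encrypted`, both function names, RSA-OAEP padding and the 2048-bit key (the ticket suggests 1024-bit) are assumptions.

```javascript
// Added illustration; all names here are hypothetical, not WordPress code.
const crypto = require('node:crypto');

// Server key pair. The ticket suggests 1024-bit RSA; 2048 is an assumption here.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Browser side: if script runs, encrypt the password with the server's public
// key and set the hidden input. With JS disabled the form posts unchanged.
function buildLoginPost(user, password, jsEnabled) {
  if (!jsEnabled) {
    return { user, pwd: password, pwd_encrypted: '' };
  }
  const ciphertext = crypto.publicEncrypt(
    { key: publicKey, ...OAEP },
    Buffer.from(password, 'utf8')
  );
  return { user, pwd: ciphertext.toString('base64'), pwd_encrypted: '1' };
}

// Server side: decrypt only when the hidden input is set and the server
// supports RSA; an unset flag means the password arrived as plain text.
function readPassword(post, serverSupportsRsa = true) {
  if (post.pwd_encrypted !== '1') {
    return { password: post.pwd, mode: 'plaintext' };
  }
  if (!serverSupportsRsa) {
    // The login page should not have offered encryption; refuse the post.
    return { password: null, mode: 'rejected' };
  }
  try {
    const plaintext = crypto.privateDecrypt(
      { key: privateKey, ...OAEP },
      Buffer.from(post.pwd, 'base64')
    );
    return { password: plaintext.toString('utf8'), mode: 'rsa' };
  } catch (err) {
    // Malformed or tampered ciphertext: never fall back to treating it as text.
    return { password: null, mode: 'rejected' };
  }
}
```

The `mode` field lets the login handler log which path each request took, so plain-text logins remain visible to whoever reviews the logs.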

