[wp-trac] Re: [WordPress Trac] #3604: wp-admin Password Encryption via JavaScript

WordPress Trac wp-trac at lists.automattic.com
Fri Jun 27 14:12:02 GMT 2008

#3604: wp-admin Password Encryption via JavaScript
 Reporter:  robertaccettura       |        Owner:  anonymous
     Type:  enhancement           |       Status:  closed   
 Priority:  low                   |    Milestone:           
Component:  Administration        |      Version:           
 Severity:  normal                |   Resolution:  wontfix  
 Keywords:  security, encryption  |  
Changes (by pishmishy):

  * keywords:  security, encrypt, tinfoilhat => security, encryption
  * status:  new => closed
  * resolution:  => wontfix
  * milestone:  2.7 =>


 I'm not sure that the public/private key bit is relevant. You need a
 secure means to transfer one of the keys to the other end point - that
 you're not likely to be using a public hotspot at the time of install
 isn't good enough.

 As for Clipperz - I believe it only provides secure local storage of
 passwords, it doesn't secure the password in transit to a web application.

 I believe that this ticket is asking for a challenge/response system
 implemented using Javascript/RSA. This'll be very complicated to get
 correct. It's planned that 2.6 will have better support for https
 protected admin pages. SSL is tried and tested and doesn't introduce code
 that we need to maintain.

 Closing as WONTFIX. A working and tested plugin implementation would do
 much to persuade me otherwise.

Ticket URL: <http://trac.wordpress.org/ticket/3604#comment:8>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list