[wp-trac] Re: [WordPress Trac] #3604: wp-admin Password Encryption
via JavaScript
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 27 14:12:02 GMT 2008
#3604: wp-admin Password Encryption via JavaScript
----------------------------------+-----------------------------------------
Reporter: robertaccettura | Owner: anonymous
Type: enhancement | Status: closed
Priority: low | Milestone:
Component: Administration | Version:
Severity: normal | Resolution: wontfix
Keywords: security, encryption |
----------------------------------+-----------------------------------------
Changes (by pishmishy):
* keywords: security, encrypt, tinfoilhat => security, encryption
* status: new => closed
* resolution: => wontfix
* milestone: 2.7 =>
Comment:
I'm not sure that the public/private key bit is relevant. You need a
secure means to transfer one of the keys to the other end point - that
you're not likely to be using a public hotspot at the time of install
isn't good enough.
As for Clipperz - I believe it only provides secure local storage of
passwords, it doesn't secure the password in transit to a web application.
I believe that this ticket is asking for a challenge/response system
implemented using Javascript/RSA. This'll be very complicated to get
correct. It's planned that 2.6 will have better support for https
protected admin pages. SSL is tried and tested and doesn't introduce code
that we need to maintain.
Closing as WONTFIX. A working and tested plugin implementation would do
much to persuade me otherwise.
--
Ticket URL: <http://trac.wordpress.org/ticket/3604#comment:8>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list