Pages: [1]

Author Topic: Preferred way to obfuscate passwords over HTTP?  (Read 931 times)

0 Members and 1 Guest are viewing this topic.

Offline Mmwwaaaa

  • Serf
  • *
  • Posts: 20
  • Cookies: 6
    • View Profile
Preferred way to obfuscate passwords over HTTP?
« on: March 30, 2015, 03:49:41 pm »
How do you like to prevent the odd person from sniffing your HTTP passwds?

Regards,
Report to moderator   Logged

Offline HTH

  • Official EZ Slut
  • Administrator
  • Knight
  • *
  • Posts: 395
  • Cookies: 158
  • EZ Titan
    • View Profile
Re: Preferred way to obfuscate passwords over HTTP?
« Reply #1 on: March 30, 2015, 03:57:15 pm »
Short answer, you don't. Use SSL.

Longer less desirable answer: Client Side Crypto. Essentially forming your own SSL (crypto wise) using PKI (RSA) to share a symmetric key then sending the password over encrypted(AES) with said symmetric key.

This could still be worked around because you're missing the Certificate Authority part, and a few other things but it would stop the average fgt with wireshark.

Have I mentioned SSL?
« Last Edit: March 30, 2015, 04:03:16 pm by HTH »
Report to moderator   Logged
<ande> HTH is love, HTH is life
<TurboBorland> hth is the only person on this server I can say would successfully spitefuck peoples women

Offline proxx

  • Avatarception
  • Global Moderator
  • Titan
  • *
  • Posts: 2803
  • Cookies: 256
  • ФФФ
    • View Profile
Re: Preferred way to obfuscate passwords over HTTP?
« Reply #2 on: March 31, 2015, 09:15:15 pm »
What HTH said, also lol SSL doesnt have the best name at this point in time :P
Report to moderator   Logged
Wtf where you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Mmwwaaaa

  • Serf
  • *
  • Posts: 20
  • Cookies: 6
    • View Profile
Re: Preferred way to obfuscate passwords over HTTP?
« Reply #3 on: April 01, 2015, 04:26:01 am »
You have, Yes. SSL sounds great....To me. Not to all.

Say a multi national company was to HTTP. They care not for SSL.. Basically my situation.

Regards,
Report to moderator   Logged

Offline HTH

  • Official EZ Slut
  • Administrator
  • Knight
  • *
  • Posts: 395
  • Cookies: 158
  • EZ Titan
    • View Profile
Re: Preferred way to obfuscate passwords over HTTP?
« Reply #4 on: April 01, 2015, 10:30:42 am »
Then you smack whoever you need to around until they accept SSL/TLS...
Report to moderator   Logged
<ande> HTH is love, HTH is life
<TurboBorland> hth is the only person on this server I can say would successfully spitefuck peoples women

Offline Teapot

  • Peasant
  • *
  • Posts: 127
  • Cookies: -2
  • E-Book Whore
    • View Profile
Re: Preferred way to obfuscate passwords over HTTP?
« Reply #5 on: April 01, 2015, 04:14:50 pm »
I assume their issue with SSL is the Heartbleed vuln from a year or two ago?

Assure them that SSL/TLS is very secure and that while nothing is completely secure it is your best option and very trusted.
Report to moderator   Logged

Offline Mmwwaaaa

  • Serf
  • *
  • Posts: 20
  • Cookies: 6
    • View Profile
Re: Preferred way to obfuscate passwords over HTTP?
« Reply #6 on: April 02, 2015, 02:13:06 am »
First rule, Never Assume.
Report to moderator   Logged

Offline Stackprotector

  • Administrator
  • Titan
  • *
  • Posts: 2515
  • Cookies: 205
    • View Profile
Re: Preferred way to obfuscate passwords over HTTP?
« Reply #7 on: April 02, 2015, 11:59:15 am »
Use long passwords in combination with scrypt :)
Report to moderator   Logged
~Factionwars
Pages: [1]