in reply to Safely Transferring Information on the Internet

You could actually use JavaScript to provide client-side decryption of the whole document and encryption of the data to send back to the server.
A quick search pointed me to this implementation of DES in JavaScript. This is a symmetric cipher, which means both the server and the client must have a previously agreed-on key. The whole thing could also work transparently to the user if he put a JavaScript settings file in some local directory. This way, the encrypted document could include the file via the <script src="..."> tag and use its contents (unless browsers decide to stop such behaviour).
I am not a real fan of JavaScript, after the compatibility nightmares I had to go through, but you have a chance to set up something most evolved browsers support and use this as a filter on outgoing docs and incoming data on your server without having to reengineer your application.

Best regards

Antonio Bellezza
Re: Re: Safely Transferring Information on the Internet
by BazB (Priest) on Aug 07, 2002 at 21:30 UTC

    DES is considered laughable these days. You could probably find many programs that could brute force DES on a common PC in a respectable time.

    Look at PGP/GPG for easy public key encryption or consider symmetrical ciphers such as IDEA or Blowfish, any of the leading AES contenders - not just Rijndael - or something like RC5.

    There are plenty of good ciphers out there, DES should be near the bottom of the list, just below Crypt::Rot26 (jeffa++ :-)

    Cheers.

    BazB

      DES is considered laughable these days. You could probably find many programs that could brute force DES on a common PC in a respectable time.

      You are right. I forgot to mention that the triple DES version should be used, which basically consists of three repetitions of DES with three different keys. It is significantly more secure than DES. Incidentally, the link I suggested has an implementation of both.
      Of course, the choice of this or any other algorithm (like the ones BazB suggests) should be done according to a number of technical considerations (security constraints, algorithm efficiency, existence of ready-made implementations, etc.).

      Best regards

      Antonio Bellezza
        "I forgot to mention that the triple DES version should be used, which basically consists of three repetitions of DES with three different keys"

        Not quite right, it does use 3 different keys, but it performs:
        • DES Encrypt with Key 1
        • DES Decrypt with Key 2
        • and finally DES Encrypt with Key 3.
        So it is a little trickier than repeated DES :)

        "Nothing is sure but death and taxes" I say combine the two and it's death to all taxes!