Open BShadeWork opened 6 years ago
I understand the way it works but I don't think this is really needed. This will indeed require some JavaScript and crypto code to encrypt/decrypt on the fly.
I set this to a very low priority.
Yes, agree, low priority, but it is just that I have come across a similar case (web site authentication) and I had to implement this kind of encryption to fix it. I don't think I need it (yet) for self-service-password in my current usage, and if I do I will submit it. Thanks
Generally HTTPS/SSL is good enough, but when used in public places/computers, client-side 'hashing' would be nice for this; otherwise a quick click on F12/Network and anyone can log the client-side passwords with no special software.
So (as per https://stackoverflow.com/a/45232435 or similar at https://medium.com/@tikiatua/symmetric-and-asymmetric-encryption-with-javascript-and-go-240043e56daf but not using Go!) some kind of client-side encryption with public key and asymmetrical key would be good so the passwords are not 'stored' or 'sent' in plaintext at the client.
Thoughts?
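
An added example, not part of the thread and not self-service-password code: the public-key idea discussed above, sketched in Node.js with a one-time server nonce so that a request body copied from the Network tab cannot be replayed. The function names (`issueChallenge`, `clientEncrypt`, `serverVerify`), the in-memory nonce set and the sample password are assumptions made for illustration; a browser would perform the client step with WebCrypto RSA-OAEP.

```javascript
const nodeCrypto = require("node:crypto");

// Server side: long-lived RSA key pair; the public half is served with the form.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const publicPem = publicKey.export({ type: "spki", format: "pem" });
const pendingNonces = new Set(); // one-time challenges not yet redeemed
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Server side: hand out a fresh nonce together with the public key.
function issueChallenge() {
  const nonce = nodeCrypto.randomBytes(16).toString("base64");
  pendingNonces.add(nonce);
  return { nonce, publicPem };
}

// Client side: bind the password to the nonce, then encrypt both.
// RSA-2048 with OAEP/SHA-256 carries at most 190 bytes, enough for this JSON.
function clientEncrypt(challenge, password) {
  const plaintext = Buffer.from(JSON.stringify({ nonce: challenge.nonce, password }));
  return nodeCrypto
    .publicEncrypt({ key: challenge.publicPem, ...OAEP }, plaintext)
    .toString("base64"); // this value is what the Network tab shows
}

// Server side: decrypt, then accept each nonce exactly once.
function serverVerify(bodyB64) {
  let msg;
  try {
    const clear = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(bodyB64, "base64"));
    msg = JSON.parse(clear.toString("utf8"));
  } catch {
    return { ok: false, reason: "undecryptable" };
  }
  if (!msg || !pendingNonces.delete(msg.nonce)) {
    return { ok: false, reason: "replayed or unknown nonce" };
  }
  return { ok: true, password: msg.password }; // pass on to the normal password check
}

// Constructed sample run: the first submission is accepted, the replay is not.
const challenge = issueChallenge();
const body = clientEncrypt(challenge, "S3cret-example!");
console.log(serverVerify(body).ok, serverVerify(body).reason);
```

This changes only what appears on the wire and in the browser's request log; the plaintext still exists in the input field and page memory of the shared computer.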