[dokuwiki] Re: securelogin plugin

• From: Mike Frysinger <vapier@xxxxxxxxxx>
• To: dokuwiki@xxxxxxxxxxxxx
• Date: Fri, 27 Mar 2009 12:09:09 -0400

On Friday 27 March 2009 02:56:54 Mikhail I. Izmestev wrote:
> Mike Frysinger пишет:
> > On Thursday 26 March 2009 14:13:23 Mikhail I. Izmestev wrote:
> >>     This plugin let you login securely without https. It's possible
> >> owing to encryption on client's side by using a public key. A private
> >> key is generated on server. For login is used AUTH_LOGIN_CHECK event.
> >
> > "securelogin" is a bad name.  considering you're using public keys to do
> > authentication, why not name it along those lines.  "public-key-login"
>
> No, to authentication used login and password, but password sends to
> server encrypted.

i didnt say the user/pass wasnt encrypted.  how exactly the later information 
is encrypted and exchanged doesnt matter so much as how the initial encrypted 
channel is created.  and as you said, that initial channel is done with public 
key encryption.  that doesnt mean everything is handled with public key 
encryption.  that isnt how ssh works either, plus it's kind of a poor 
encryption scheme if it did (the less cipher text posted with public keys the 
better).
-mike

• References:
  • [dokuwiki] securelogin plugin
    • From: Mikhail I. Izmestev
  • [dokuwiki] Re: securelogin plugin
    • From: Mike Frysinger
  • [dokuwiki] Re: securelogin plugin
    • From: Mikhail I. Izmestev

Other related posts:

• » [dokuwiki] securelogin plugin- Mikhail I. Izmestev
• » [dokuwiki] Re: securelogin plugin- Mike Frysinger
• » [dokuwiki] Re: securelogin plugin- Mikhail I. Izmestev
• » [dokuwiki] Re: securelogin plugin - Mike Frysinger

1. Home
2. dokuwiki
3. Archive
4. 03-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---