On Friday 27 March 2009 02:56:54 Mikhail I. Izmestev wrote: > Mike Frysinger пишет: > > On Thursday 26 March 2009 14:13:23 Mikhail I. Izmestev wrote: > >> This plugin let you login securely without https. It's possible > >> owing to encryption on client's side by using a public key. A private > >> key is generated on server. For login is used AUTH_LOGIN_CHECK event. > > > > "securelogin" is a bad name. considering you're using public keys to do > > authentication, why not name it along those lines. "public-key-login" > > No, to authentication used login and password, but password sends to > server encrypted. i didnt say the user/pass wasnt encrypted. how exactly the later information is encrypted and exchanged doesnt matter so much as how the initial encrypted channel is created. and as you said, that initial channel is done with public key encryption. that doesnt mean everything is handled with public key encryption. that isnt how ssh works either, plus it's kind of a poor encryption scheme if it did (the less cipher text posted with public keys the better). -mike