Is asymmetrically encrypting passwords using JavaScript viable?

Question

I would like to use JavaScript to encrypt a user's password and username when they login (using Ajax). I know there exist several asymmetric encryption libraries for JavaScript. Is this a viable strategy for safely communicating passwords?

I understand that SSL exists, but that is not the question.

Answer 1

Step one: don't trust people on the internet, I will propose a weak algorithm to ensure I can break it.

Step two: Don't design your own algorithm, or implement anyone else's in a production system until you have a PHD in computer security

Encryption is not enough to protect against replay attacks, if an attacker get the encrypted password, it is of as much use to them as an unencrypted password if it is enough to authenticate.

I would suggest:

1. User enters there password
2. Client requests token from server
3. Server returns a unique random token, and stores this against the users session (keyed by cookie stored on the server)
4. The client encrypts the password + token using your public key and passes this to the server.
5. The server decrypts this, using your private key, and checks the token matches this session, has not been used before and is no older then 30 seconds.
6. The server checks the hash of the password matches the hash of the users password as stored in the datastore.

All data transmitted will still be visible, so the users will not gain any privacy ( as they would in https). Your encryption algorithm, encryption implementation and public key will be public. This is the case for a large amount of current cryptolagy, a large number of algorithms are designed to be secure with the attacker knowing this.

This will not protect against any keylogger or spyware attack, as they will target before the password is encrypted.

I have no knowledge of implementations of asymmetric encryption implemented in javascript but there is nothing fundamentally insecure in this approach.

Answer 2

You can use an algorithm such as the Secure Remote Password protocol to provide a zero knowledge proof that you know the password. An eavesdropper will not be able to use this to replicate your login. However, beware of an active attacker that replaces your Javascript code with something that transmits the password directly to him.

There are several Javascript implementations of SRP:

• srp-js
• Javascript Crypt Library

Answer 3

No. It makes no difference if the attacker gets the password or the encrypted password, both are sent to the server "unencrypted", so the encrypted password can be used to login.

JavaScript can't be used for security. You have to use HTTPS.

Answer 4

I don't think you'd have much to gain from doing this, certainly less than the performance hit such a mathematically intensive piece of JavaScript would impose. If you're using this to encrypt a piece of data before sending it to the server via HTTP, then while you'll have protected a hacker from discovering exactly what the password is, you wouldn't have stopped them from gaining access by simply running a replay attack with the same piece of encrypted data you've sent.

The only viable way to protect a form submission is to use HTTPS. I know setting HTTPS up is a hassle, what with the certificates that only work in one domain and all that, but if the information really is critical then it's a better investment of your time than trying to do encryption in JavaScript.