Another form of encrytion? "Not SSL"

[Leon]

How can I encrypted data sent across my website from web forms without using
SSL?
Such as on Login the user enter "EmailAddress" & "Password" and Simply
Registration Form
in which the user creates a Password, FirstName, LastName, etc.
I see site like Careerbuilder and Monster allow user to register, login, and
retrieve a lost password
without using a SSL connection "I Know anytime you deal with credit card
info you need a SSL.
Thanks!

[Daniel Fisher\(lennybacon\)]

You can use a javascript BigInt to encrypt dat before it's send and decrypt
it using BitInt in C# when it's submited.

--
Daniel Fisher(lennybacon)
MCP C# ASP.NET
Blog: [url]http://www.lennybacon.com/[/url]



"Leon" <vnality@msn.com> wrote in message
news:OJ$al9pvEHA.2568@TK2MSFTNGP11.phx.gbl...

> How can I encrypted data sent across my website from web forms without
> using SSL?
> Such as on Login the user enter "EmailAddress" & "Password" and Simply
> Registration Form
> in which the user creates a Password, FirstName, LastName, etc.
> I see site like Careerbuilder and Monster allow user to register, login,
> and retrieve a lost password
> without using a SSL connection "I Know anytime you deal with credit card
> info you need a SSL.
> Thanks!
>

[Joerg Jooss]

Leon wrote:

> How can I encrypted data sent across my website from web forms
> without using SSL?
> Such as on Login the user enter "EmailAddress" & "Password" and Simply
> Registration Form
> in which the user creates a Password, FirstName, LastName, etc.
> I see site like Careerbuilder and Monster allow user to register,
> login, and retrieve a lost password
> without using a SSL connection

So what makes you even think these sites are secure?


--
Joerg Jooss
[url]www.joergjooss.de[/url]
[email]news@joergjooss.de[/email]

[Robert Hurlbut]

Leon,

If there is no SSL being done on the form, then your information is more
than likely sent clear text. Now, they could be using SSL with a form post,
which would be secure, and you can tell this through "view source" on the
page. Even with SSL, though, just because the lock is there in the corner
doesn't always mean it is valid. You still have to check it.

Also, if you are able to get your password back from any site without them
re-generating a temporary password, then that site is probably storing your
password in clear text, or at best encrypting it with some key they use to
decrypt it. Ideally, you want the site to use a salt and one-way strong hash
to store your password, which means you can't ever retrieve the same
password.

Robert Hurlbut
[url]http://weblogs.asp.net/rhurlbut[/url]
[url]http://www.securedevelop.net[/url]

"Leon" <vnality@msn.com> wrote in message
news:OJ$al9pvEHA.2568@TK2MSFTNGP11.phx.gbl...

> How can I encrypted data sent across my website from web forms without
> using SSL?
> Such as on Login the user enter "EmailAddress" & "Password" and Simply
> Registration Form
> in which the user creates a Password, FirstName, LastName, etc.
> I see site like Careerbuilder and Monster allow user to register, login,
> and retrieve a lost password
> without using a SSL connection "I Know anytime you deal with credit card
> info you need a SSL.
> Thanks!
>

[Leon]

So is it easy for a hacker to get personal information sent in clear text
across the web.

"Leon" <vnality@msn.com> wrote in message
news:OJ$al9pvEHA.2568@TK2MSFTNGP11.phx.gbl...

> How can I encrypted data sent across my website from web forms without
> using SSL?
> Such as on Login the user enter "EmailAddress" & "Password" and Simply
> Registration Form
> in which the user creates a Password, FirstName, LastName, etc.
> I see site like Careerbuilder and Monster allow user to register, login,
> and retrieve a lost password
> without using a SSL connection "I Know anytime you deal with credit card
> info you need a SSL.
> Thanks!
>

[Joerg Jooss]

Leon wrote:

> So is it easy for a hacker to get personal information sent in clear
> text across the web.

At least much easier than compared to using SSL ;-)

--
Joerg Jooss
[url]www.joergjooss.de[/url]
[email]news@joergjooss.de[/email]

[Leon]

but the network itself provide somewhat type of security during the process
of the clear text information passing across the web?

"Joerg Jooss" <joerg.jooss@gmx.net> wrote in message
news:OeW3Iu4vEHA.612@TK2MSFTNGP15.phx.gbl...

> Leon wrote:

>> So is it easy for a hacker to get personal information sent in clear
>> text across the web.

>
> At least much easier than compared to using SSL ;-)
>
> --
> Joerg Jooss
> [url]www.joergjooss.de[/url]
> [email]news@joergjooss.de[/email]
>

[Robert Hurlbut]

Anything sent over a network without SSL or some other form of encryption is
in "clear text" form and can be viewed through a standard network sniffer.

Robert Hurlbut
[url]http://weblogs.asp.net/rhurlbut[/url]
[url]http://www.securedevelop.net[/url]

"Leon" <vnality@msn.com> wrote in message
news:efEa7K6vEHA.2728@TK2MSFTNGP12.phx.gbl...

> but the network itself provide somewhat type of security during the
> process of the clear text information passing across the web?
>
> "Joerg Jooss" <joerg.jooss@gmx.net> wrote in message
> news:OeW3Iu4vEHA.612@TK2MSFTNGP15.phx.gbl...

>> Leon wrote:

>>> So is it easy for a hacker to get personal information sent in clear
>>> text across the web.

>>
>> At least much easier than compared to using SSL ;-)
>>
>> --
>> Joerg Jooss
>> [url]www.joergjooss.de[/url]
>> [email]news@joergjooss.de[/email]
>>

>
>

[Leon]

what' a network sniffer?
A Program that...

"Robert Hurlbut" <robert@nospam.securedevelop.net> wrote in message
news:u4jdse7vEHA.1308@TK2MSFTNGP09.phx.gbl...

> Anything sent over a network without SSL or some other form of encryption
> is in "clear text" form and can be viewed through a standard network
> sniffer.
>
> Robert Hurlbut
> [url]http://weblogs.asp.net/rhurlbut[/url]
> [url]http://www.securedevelop.net[/url]
>
> "Leon" <vnality@msn.com> wrote in message
> news:efEa7K6vEHA.2728@TK2MSFTNGP12.phx.gbl...

>> but the network itself provide somewhat type of security during the
>> process of the clear text information passing across the web?
>>
>> "Joerg Jooss" <joerg.jooss@gmx.net> wrote in message
>> news:OeW3Iu4vEHA.612@TK2MSFTNGP15.phx.gbl...

>>> Leon wrote:
>>>> So is it easy for a hacker to get personal information sent in clear
>>>> text across the web.
>>>
>>> At least much easier than compared to using SSL ;-)
>>>
>>> --
>>> Joerg Jooss
>>> [url]www.joergjooss.de[/url]
>>> [email]news@joergjooss.de[/email]
>>>

>>
>>

>
>

[Ken Schaefer]

program that captures and allows examination of packets travelling on the
network: eg [url]www.ethereal.com[/url]

Cheers
Ken

"Leon" <vnality@msn.com> wrote in message
news:%23eKcjF8vEHA.1292@TK2MSFTNGP10.phx.gbl...

> what' a network sniffer?
> A Program that...
>
> "Robert Hurlbut" <robert@nospam.securedevelop.net> wrote in message
> news:u4jdse7vEHA.1308@TK2MSFTNGP09.phx.gbl...

>> Anything sent over a network without SSL or some other form of encryption
>> is in "clear text" form and can be viewed through a standard network
>> sniffer.
>>
>> Robert Hurlbut
>> [url]http://weblogs.asp.net/rhurlbut[/url]
>> [url]http://www.securedevelop.net[/url]
>>
>> "Leon" <vnality@msn.com> wrote in message
>> news:efEa7K6vEHA.2728@TK2MSFTNGP12.phx.gbl...

>>> but the network itself provide somewhat type of security during the
>>> process of the clear text information passing across the web?
>>>
>>> "Joerg Jooss" <joerg.jooss@gmx.net> wrote in message
>>> news:OeW3Iu4vEHA.612@TK2MSFTNGP15.phx.gbl...
>>>> Leon wrote:
>>>>> So is it easy for a hacker to get personal information sent in clear
>>>>> text across the web.
>>>>
>>>> At least much easier than compared to using SSL ;-)
>>>>
>>>> --
>>>> Joerg Jooss
>>>> [url]www.joergjooss.de[/url]
>>>> [email]news@joergjooss.de[/email]
>>>>
>>>
>>>

>>
>>

>
>

[Leon]

But don't still need access to the network to use the sniffer, or can you
get to the network through [url]www.somename.com?[/url]

"Ken Schaefer" <kenREMOVE@THISadopenstatic.com> wrote in message
news:eGIy9P9vEHA.1308@TK2MSFTNGP09.phx.gbl...

> program that captures and allows examination of packets travelling on the
> network: eg [url]www.ethereal.com[/url]
>
> Cheers
> Ken
>
> "Leon" <vnality@msn.com> wrote in message
> news:%23eKcjF8vEHA.1292@TK2MSFTNGP10.phx.gbl...

>> what' a network sniffer?
>> A Program that...
>>
>> "Robert Hurlbut" <robert@nospam.securedevelop.net> wrote in message
>> news:u4jdse7vEHA.1308@TK2MSFTNGP09.phx.gbl...

>>> Anything sent over a network without SSL or some other form of
>>> encryption is in "clear text" form and can be viewed through a standard
>>> network sniffer.
>>>
>>> Robert Hurlbut
>>> [url]http://weblogs.asp.net/rhurlbut[/url]
>>> [url]http://www.securedevelop.net[/url]
>>>
>>> "Leon" <vnality@msn.com> wrote in message
>>> news:efEa7K6vEHA.2728@TK2MSFTNGP12.phx.gbl...
>>>> but the network itself provide somewhat type of security during the
>>>> process of the clear text information passing across the web?
>>>>
>>>> "Joerg Jooss" <joerg.jooss@gmx.net> wrote in message
>>>> news:OeW3Iu4vEHA.612@TK2MSFTNGP15.phx.gbl...
>>>>> Leon wrote:
>>>>>> So is it easy for a hacker to get personal information sent in clear
>>>>>> text across the web.
>>>>>
>>>>> At least much easier than compared to using SSL ;-)
>>>>>
>>>>> --
>>>>> Joerg Jooss
>>>>> [url]www.joergjooss.de[/url]
>>>>> [email]news@joergjooss.de[/email]
>>>>>
>>>>
>>>>
>>>
>>>

>>
>>

>
>