Hide/Encrypt values passed from HTML to Javascript?

V

Vitali2011-06-26 15:55:08

XMPP

Vitali, 2011-06-26 15:55:08

I'm making a small chat based on the XMPP protocol and the StropheJS library.
The problem is that StropheJS accepts all passwords exclusively in clear text, which makes me nervous, so it’s enough to look at the source code to see the user’s password, and there’s no desire to store user passwords in clear text either, you understand.
Question - How to hide or encrypt the password so that Strophe can still connect.
A small picture designed to clarify what I mean.

In the
future, this chat will be implemented in one project with a full database where the passwords will be stored as a hash, SHA-1 or similar and they will have to be transmitted somehow to Strophe.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

A

Alexey Sundukov, 2011-06-26
@alekciy

If the goal is protection against interception, then the most reasonable thing is HTTPS.

S

Sergey, 2011-06-26
@butteff

The algorithm is as follows:
1. Encrypt the password, for example, in MD5. It can be three times for imaginary reliability
2. Send a hash
3. Compare the sent hash with the password hash from the
database googled the link, it can help: jscript.ru/archives/8

M

mark_ablov, 2011-06-26
@mark_ablov

this is difficult, because md5-hash for authentication is taken not only from the password.

I

iStyx, 2011-06-27
@iStyx

Use HTTPS. What difference does it make whether an attacker intercepts the password itself or its hash?