JavaScript
Peter Artamonov, 2016-06-15 20:06:40

Is there a tool for authorization on the site, with encryption, without https?

Good afternoon. I'm writing a small website that solves a rather narrow problem. The pages are pretty heavily stuffed with JavaScript (flot, jqGrid, etc.). On the server side, in addition to these pages, there are Python scripts that respond in JSON. It was necessary to add an authorization system for a small number of regular users. At the same time, there is no desire to get into HTTPS, because guests should also get to the same pages, but with reduced functionality. I started googling and found that I could not find a solution that seemed completely natural to me.
1. Given that I have only a few users, I can enter their passwords into the database simply from the console. They will be there in the form of hashes (salted or not is a second question) or otherwise encrypted, for example with RSA. But generating private keys for users seems to me very redundant for this task.
2. On the login page, I ask for a password and hash it with a JavaScript function. Instead of hashing, it could be encrypted with a public key that is part of the same page.
3. The encrypted password (or its hash?) sent in the AJAX request is somehow "folded" with the one in the database, and I learn that the same "password" is the basis of both.
We can say that this is a slightly perverted version of the two keys. Public: one for all, and it lies right in the body of the page. Private: everyone has their own, and it is the password. Well, or something like what is described by eri here: https://toster.ru/answer?answer_id=681517 .
Tell me, maybe this is a well-known tool, but I can't google it because of dullness? Where to dig?


2 answer(s)
Peter Artamonov, 2016-06-16
@artp

I found it myself. Questions must be formulated correctly. What I so indistinctly described is implemented in the standard way as a "digital signature". For encryption and decryption, we use the ElGamal scheme. We use the user's password as a private key. We encrypt, for example, his login. We store the public key in the database, having generated it using the password (private key) spoken on the phone at the moment when the user was set up. Implementations of the algorithm exist, for example: https://gist.github.com/mindoftea/624f769b193215c534ac
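
An added example, not part of the original answer and not the linked gist's code: a password-derived key pair where the server stores only the public key and the client signs a fresh server nonce. It runs under Node.js and uses Ed25519 from Node's `crypto` module in place of ElGamal; the nonce, the scrypt salt string, and the names `AuthServer`, `keyFromPassword` and `signChallenge` are assumptions of this sketch.

```javascript
const crypto = require('crypto');

// Fixed PKCS#8 DER header for an Ed25519 private key; the 32-byte seed follows.
const PKCS8_ED25519 = Buffer.from('302e020100300506032b657004220420', 'hex');

// Stretch the password with scrypt into a 32-byte seed and build the key pair.
// Salt = constant label + login (an assumption); the password is never sent.
function keyFromPassword(login, password) {
  const seed = crypto.scryptSync(password, 'demo-site:' + login, 32);
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519, seed]), format: 'der', type: 'pkcs8' });
  const publicKey = crypto.createPublicKey(privateKey)
    .export({ format: 'der', type: 'spki' }).toString('base64');
  return { privateKey, publicKey };
}

// Client side: sign "login:nonce" with the key derived from the typed password.
function signChallenge(login, password, nonce) {
  const { privateKey } = keyFromPassword(login, password);
  return crypto.sign(null, Buffer.from(login + ':' + nonce), privateKey)
    .toString('base64');
}

// Server side: keeps public keys only and hands out single-use nonces.
class AuthServer {
  constructor() { this.users = new Map(); this.pending = new Map(); }
  enroll(login, publicKeyB64) { this.users.set(login, publicKeyB64); }
  challenge(login) {
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.set(login, nonce);
    return nonce;
  }
  verify(login, signatureB64) {
    const nonce = this.pending.get(login);
    const pub = this.users.get(login);
    this.pending.delete(login); // consume the nonce so a captured reply cannot be replayed
    if (!nonce || !pub) return false;
    const key = crypto.createPublicKey({
      key: Buffer.from(pub, 'base64'), format: 'der', type: 'spki' });
    return crypto.verify(null, Buffer.from(login + ':' + nonce), key,
      Buffer.from(signatureB64, 'base64'));
  }
}
```

Without HTTPS the page and its script can still be altered in transit, so this keeps the password only from a passive listener. The stored public key can also be attacked by offline password guessing, just like a password hash.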

Max Kostikov, 2016-06-15
@mxms

Well, here is a JS library for encrypting transmitted data.
https://github.com/travist/jsencrypt
