Password encryption while typing in a textbox

Question

0.00/5 (No votes)

See more:

Hi..
Is there any way where i can do the encryption while input values in a textbox??
I need to do Password encryption in client side and then have to store different encrypted value in the database for secure auditing.. Please help me out with this..

Posted 18-Aug-14 21:09pm

Sam Ferin

Add a Solution

2 solutions

Solution 1

Please refer my recent answer. It will be useful for you : Encrypt and decrypt data using symmetric key cryptography[^]

Regards..

Posted 18-Aug-14 21:14pm

Thanks7872

Comments

Sam Ferin 19-Aug-14 3:24am

Hi Rohan..
Thanks for your reply. But i should not send the password in plain text or encrypted format to the server,because the password can be captured using traffic monitoring.. Is therre any other way using script to encode it while typing the values in a password textbox??

Regards,
Sam Ferin S

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**Zoltán Zörgő** · Accepted Answer · 2014-08-18T21:30:00

You could but it is useless.
Let's assume, you do it. First of all, you should encrypt the value of the filed only when it's not changed anymore, most algorithms won't tolerate this while you type. You could however encrypt the value using a javascript event handler just before the form is posted.
But haven't you wondered why this is not used? Because if you want to encrypt on client side, you need to have all logic and keys on client side, you need to send (when we speak of web) all logic and keys to the client side. If one can capture the encrypted text when travelling over http, that one can also capture the logic and keys also. Still, if you want to, just use a library like this: https://github.com/travist/jsencrypt[^].
So you better encrypt the communication, by using https.

On the other hand storing passwords in an encrypted form is a good practice. But not the best, you should not store passwords at all. You should be able to compare passwords but without knowing the password itself. How to do that? By using a good hash algorithm, and some "salt". This is a really good description of how to proceed: https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet[^]. This is also a good lecture: http://www.captechconsulting.com/blog/kevin-hazzard/best-practices-managing-customer-passwords[^]

I hope you will succeed in your project.