encrypt input text without ssl

Question

          <form action="URL">
                <input type="text" size="40">
                <button type="submit">Send it</button>
         </form>

As I can before sending the form to the server encrypt text in inputs ?

You cannot encrypt data before it reaches the server. Thus, the purpose of SSL. — Cathedral Zealot, Aug 25 '13 at 18:21
Why would you encrypt form input on a site that is not secured with SSL? — Bergi, Aug 25 '13 at 18:36

score 1 · Accepted Answer · edited May 23 '17 at 10:32

1

You can encrypt it but it won't be as secure as you might think, since you are encrypting it on the client side there is no way you can safely hide your hash key. It would make it harder for man in the middle attack but not impossible.

EDIT: take a look at this Is it worth hashing passwords on the client side

edited May 23 '17 at 10:32

Community

1
1

answered Aug 25 '13 at 18:19

ama2

2,611
3
20
28

I am at a loss, how to me to change the text sent by a form on the ciphered? – John Stiks Aug 25 '13 at 18:48

takwlasnie · Answer 2 · 2013-08-25T18:41:35.590

1

@ama2, @Cathedral Zealot, He can send to user public key, encrypt password using public key and then (on server side) decrypt it with private key and store hashed. It's the best solution when you don't use ssl certificate. But if attacker send his own private key and send it back to himself then he will be able to decrypt user's password.

That's all point of ssl certificates - to confirm origin of public keys.

I'd recomend OP using cheap or free certificates instead of this kind of methods vulnerable for man in the middle attacks and cross scripting.

edited Aug 25 '13 at 18:41

answered Aug 25 '13 at 18:31

takwlasnie

99
4

Is there free for life ssl certificate ? – John Stiks Aug 25 '13 at 18:42
1

Check this website http://www.startssl.com/ and please try use google in future – takwlasnie Aug 25 '13 at 19:37

encrypt input text without ssl

2 Answers2