Blowfish

Do that whole login password setup. Encrypt everything text… I’ll try and figure out a way to encrypt pictures as well, but there’s really no point in doing that either. Images will be product images… I just don’t want the data will be useful at all. The page will be all managled anyways.
blowfish… the saviour.
Do the whole password login algo I thought of earlier… I should probably research that better.
So we know the following after we login:
$password
$date [from server, from original login]
hash($password + $date)
we could use the $blowfish->key($password);
$blowfish->decrypt whatever comes in afterwards.
on the server each server page will be:
echo $blowfish->crypt($bodytext);
Now the problem… how does the $blowfish->key($password) stay persistant on the client side??
Hmm… I think AJAX will actually be persistant. That’s not a bad situation what so ever. Server traffic intensive, and high overhead. But whatever. The trade off isn’t so bad.
JS on the clientside to decrypt blowfish…
PHP->sessions will allow for the persistance of decrypt methods.
Problem… how does one transmit the password in the first place? Hmmmmm… that’s an issue to me. Like when the account was created. That’s gotta be an issue which I gotta figure out. Cause changing passwords would be an issue as well.
[update]
I GOT IT!!!!!!!!!!!!!!!!
Setup login creation.
Ask for login, email.
email a random password to the client.
Client will then have to set a new password afterwards… but the random password will be used for the blowfish->key.

Leave a Reply

Your email address will not be published.