Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By Queeq on
Hi.
Is there any module to enable secure login just using client-side javascript encryption? It would be very useful to have such option, because not everyone able to have dedicated IP address or pay for signed certificate.
An example of such login is here.
They use a script, which generates a random word, adds it to the password and hashes with md5. So we have a new hash (as well as random word) being sent every time user is logging in. IMO this is a very good protection against man-in-the-middle attacks. Also, because of not clear password hash being sent, it gets impossible to use md5 rainbow tables.
Comments
I know this is an old post,
I know this is an old post, but in case anyone in the future reads this, I do indeed have a module which uses javascript to double-hash the user's password before it is submitted during login (so passwords are not sent in the clear). Users w/o javascript can still log in normally.
http://drupal.org/project/safer_login
Of course, in regards to the original post, SSL encryption can't be beat, especially since it will protect all submissions, not just logins.
Thanks,
Richard