[TYPO3-english] Salted Passwords & RSA: temp directory path

[Philipp Gampe]

Hi François,

François Suter wrote:

>> Sorry Francois, Christian is absolutely right here. rsaauth is only for
>> set-ups where SSL/TLS is not available.
> 
> OK, sorry for the confusion. I was actually thinking only of the
> encryption of the login communication and was under the impression that
> RSA provided stronger encryption than SSL does. Is that not the case?
> 
> On all my clients' web sites we actually use everything we can, which
> means - in this case - both SSL and rsaauth.

To my knowledge, SSL uses RSA* too for the cryptography part. So there 
should be no mathematical difference in the strength of the encryption.

It is - of course - advisable to use both, because SSL sniffing is not that 
difficult nova days and the custom RSA implementation protects against 
unspecific password collection. 

*RSA just means private public key, implementations may differ

Best regards
-- 
Philipp Gampe – PGP-Key 0AD96065 – TYPO3 UG Bonn/Köln – linkvalidator