[TYPO3-english] Salted Passwords & RSA: temp directory path
typo3.lists at philippgampe.info
Mon Mar 19 14:05:59 CET 2012
François Suter wrote:
>> Sorry Francois, Christian is absolutely right here. rsaauth is only for
>> set-ups where SSL/TLS is not available.
> OK, sorry for the confusion. I was actually thinking only of the
> encryption of the login communication and was under the impression that
> RSA provided stronger encryption than SSL does. Is that not the case?
> On all my clients' web sites we actually use everything we can, which
> means - in this case - both SSL and rsaauth.
To my knowledge, SSL uses RSA* too for the cryptography part. So there
should be no mathematical difference in the strength of the encryption.
It is - of course - advisable to use both, because SSL sniffing is not that
difficult nova days and the custom RSA implementation protects against
unspecific password collection.
*RSA just means private public key, implementations may differ
Philipp Gampe – PGP-Key 0AD96065 – TYPO3 UG Bonn/Köln – linkvalidator
More information about the TYPO3-english