[TYPO3-english] Salted Passwords & RSA: temp directory path

Marcus Krause marcus#exp2011 at t3sec.info
Mon Mar 19 15:15:49 CET 2012


François Suter schrieb am 19.03.2012 13:33 Uhr:
> Hi,
>> Sorry Francois, Christian is absolutely right here. rsaauth is only for
>> set-ups where SSL/TLS is not available.
> OK, sorry for the confusion. I was actually thinking only of the
> encryption of the login communication and was under the impression that
> RSA provided stronger encryption than SSL does. Is that not the case?

Easy answer: it depends. ;-)

Have a look at https://www.ssllabs.com/ssldb/ and check your web servers.

You'll see that SSL/TLS provides a lot of configurations.

I'm actually not aware of the rsaauth implementation details, but ...
see below!

> On all my clients' web sites we actually use everything we can, which
> means - in this case - both SSL and rsaauth.

IMHO, with a securely configure SSL/TLS serverside and configuration
which does not allow bypassing SSL/TLS when it is needed (login,
credential transfer in general), it is not needed to have rsaauth
additionally installed.


More information about the TYPO3-english mailing list