Fri Sep 30 17:57:50 CEST 2011
On Fri, Sep 30, 2011 at 4:38 PM, <john.1.kemp@REDACTED> wrote:
> On Sep 30, 2011, at 9:04 AM, Joe Armstrong wrote:
>> I'm looking for "pairs" of crypto algorithms. I'm making a
>> web authentication framework and I want
>> to interact with Erlang versions written in the server.
>> So far I have got RSA and MD5 running in both JS and Erlang
>> I now want a decent symmetric encryption algorithm.
> How will you deliver the secret key to the browser such that the JS can encrypt securely for some period of time?
I won't - The following seems ok
1) the browser gets the RSA public key of the server. This is hard wired
or "well known"
2) the browser generates a random session key and encrypts it with
the server's public key.
3) the encrypted session key is sent to the server
4) Only the server can decrypt this key
5) both sides use the session key
> If you trust the server to deliver crypto code + key, why not trust the server to do
> SSL/TLS which will require less new code?
Because I haven't implemented SSL myself :-) - it's an opportunity to
learn a bit more
about number theory.
> - John
>> Any ideas?
>> I want both side to be reasonably efficient with non-restrictive
>> erlang-questions mailing list
More information about the erlang-questions