Groups keyboard shortcuts have been updated
Dismiss
See shortcuts
Password Security Issue
30 views
Skip to first unread message
7ab10
Oct 11, 2024, 11:07:16 AM10/11/24
to Clipperz
Hi
Clipperz seems very interesting to store password, but I didn't understand this:
If the user and password are sent cripted to the server, and then stored into the db, cant it be intersepted anyway and use it to retriveve info ?
If the user and password are sent cripted to the server, and then stored into the db, cant it be intersepted anyway and use it to retriveve info ?
If I sent Donald or kgjhjkghd what's the difference?
Who intercepet the string can anyway use it.
Where I am wrong ?
145...@gmail.com
Oct 15, 2024, 11:59:52 AM10/15/24
to job...@gmail.com, Clipperz
Hi,
the password or passphrase is never transmitted to the server and is not stored. The encrypted data is retrieved from the server based on the entered username and then decrypted on the client using the passphrase. For further information have a look at https://clipperz.is/security_privacy
Best regards
Christian
the password or passphrase is never transmitted to the server and is not stored. The encrypted data is retrieved from the server based on the entered username and then decrypted on the client using the passphrase. For further information have a look at https://clipperz.is/security_privacy
Best regards
Christian
--
You received this message because you are subscribed to the Google Groups "Clipperz" group.
To unsubscribe from this group and stop receiving emails from it, send an email to clipperz+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/clipperz/785132b5-977e-473d-8344-3229189e873dn%40googlegroups.com.
Johan Stuyts
Oct 15, 2024, 11:59:57 AM10/15/24
to Clipperz, 7ab10
The username and password are not sent to the server. What is sent is a proof that you know both of them.
I do not know the exact details, but I am pretty sure the proof is based on a unique challenge that the server sent to your browser. This way the proof cannot be used to sign in as you in another browser.
Op Fri, 11 Oct 2024 16:44:54 +0200 schreef 7ab10 <job...@gmail.com>:
--
You received this message because you are subscribed to the Google Groups "Clipperz" group.
To unsubscribe from this group and stop receiving emails from it, send an email to clipperz+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/clipperz/785132b5-977e-473d-8344-3229189e873dn%40googlegroups.com.
--
Kind regards, Johan
giulio...@gmail.com
Oct 16, 2024, 5:22:34 AM10/16/24
to j.st...@javathinker.com, Clipperz, 7ab10, 145...@gmail.com
Hello Johan,
thanks for chiming in; the proof of the identity is based on the SRP protocol:
- https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
Thanks also to Christian for the correct link to the Clipperz site.
Cheers,
Giulio Cesare
> To view this discussion on the web visit https://groups.google.com/d/msgid/clipperz/op.2vk8omnyc4vsc3%40joan-jett.
thanks for chiming in; the proof of the identity is based on the SRP protocol:
- https://en.wikipedia.org/wiki/Secure_Remote_Password_protocol
Thanks also to Christian for the correct link to the Clipperz site.
Cheers,
Giulio Cesare
Reply all
Reply to author
Forward
0 new messages