On Thu, Aug 12, 2004 at 01:56:53PM +0200, Marcel Weber wrote:
No, it doesn't mean that. Current browsers will cache the password, AFAIK
until the end of the session by default, and forever if you enable the
option "Remember this password" or similar.

> The block size of the data to be encrypted has to come in chunks of 16
> bytes. I always append random numbers to the credentials, ip and time
> strings to the next 16 bytes before encryption. Like this, the attacker
> cannot know or guess all of the content of the encrypted data, can he?

This makes things more difficult for the attacker, yes. Presumably your
code adds no random padding if the data already has the right length, but
still...

> The trouble is, as far as I figured out, that Crypt::Rijndael does not
> return when you try to decrypt an encrypted string that's a. damaged or
> b. encrypted with a different key. Don't know why.

This cannot be. Rijndael gets bits as input, and it outputs bits. The only
thing that will happen is that you'll get random-looking garbage if the
input is incorrect in some way. (I don't know what Crypt::Rijndael does.)