0

Ok. so, encrypted data is sent from the computer to the server and spread to other computers. And, let say there is a person in the middle attack?

Here is where I'm confuse; The client/server need to decrypt the data with the key, but if the key can be seen by the client computer then the attacker can see it in the data as well. The key can be encrypted, but another key would have to be sent un-encrypted. so how do you pass the "key" to decrypt the data?

So when I hear new chat system saying they are enprypted their client messages; I'm wondering, how are they doing it? When hacker can try to find the key in thier data and decrypt the message.

toastext
  • 325
  • 3
  • 12
  • Thx, but is there other methods? Because that what my program requires right now. But Ive been told that there are chat/encryption apps out that can passing data and, encryt and decrypt without the user manually storing/passing the key. how are they doing it? – toastext Apr 01 '16 at 20:16
  • I'm doing all that as well, and using tor will help make it more secure. I'm just trying to make it user friendly with the best possible encryption method. (: – toastext Apr 01 '16 at 20:35
  • Read about the `rsa` algorithm. – Luke Joshua Park Apr 01 '16 at 23:06
  • Cool, so you get one public key where everyone can see and private key that is sent using the private key and public key. how does the other end get the private key to decrypt? and isnt the key still visible to everyone? – toastext Apr 02 '16 at 01:57
  • 1
    You've misunderstood. Private key stays on the server, never moves. Public key is passed out. Data is encrypted with the public key but cannot be decrypted unless the private key is used. – Luke Joshua Park Apr 02 '16 at 02:00
  • oh ok, I see. thank you.^_^ Now I just need to find a encryption that works with JS and PHP. T^T – toastext Apr 02 '16 at 02:11
  • Use TLS. Javascript cant run its own crypto without being susceptible to mitm. You need an SSL certificate. – Luke Joshua Park Apr 02 '16 at 02:14
  • I have SSL. (: What is TLS? I was using crypto JS but Its a pain to get to work with PHP. – toastext Apr 02 '16 at 02:18
  • Then you dont need any of this. TLS is what HTTPS uses these days. If you are communicating over HTTPS then you dont need to do anything else. – Luke Joshua Park Apr 02 '16 at 02:19
  • Thank you so much Luke. (: I've been wonder how to go about this for a while now. I'm working on a user friendly group chat site to help people with depression find some one to talk to, and anyone who need privacy like jurnalist. so encryption is one of those thing that is important me and the website. I'm still new to programing so hope this works. ^^ – toastext Apr 02 '16 at 02:28
  • Best of luck to your project. – Luke Joshua Park Apr 02 '16 at 02:29

0 Answers0