Yes, in my case it is a third-party requirement.

On Friday, September 26, 2014 10:53:39 PM UTC+5:30, Marvin Addison wrote:
>
> > SSL/TLS is mandate. Along with that I need to client-side password
> > encryption also.
>
> I encourage you to reconsider. I realize that may be difficult if the 
> requirements are dictated by a third party, but it's worth repeating 
> that this is most likely a bad idea. In particular the key management 
> issue is much harder than the cryptographic algorithm implementation: 
>
> Successful key management is critical to the security of a 
> cryptosystem. In practice it is arguably the most difficult aspect of 
> cryptography because it involves system policy, user training, 
> organizational and departmental interactions, and coordination between 
> all of these elements. [1] 
>
> If you can solve that problem in your encryption scheme, the code 
> changes in CAS will be trivial by comparison and something you ought 
> to be able to handle on your own. 
>
> M 
>
> [1] http://en.wikipedia.org/wiki/Key_management 
>
