It's true that with MITM you could "poison" the JavaScript to steal the
key (cookie-stealing style), but I think that it's a reasonable risk given
the "non-enterprise" environment for which the suite has been designed.
Stealing the key requires a targeted MITM attack, at a precise moment.
I
> (MITM makes this useless)
Uhm... tell me why.
The PSK is never sent, neither by the client nor by the server.
But of course, this is an open project; if you find bugs, please report
them ;)
Bye,
Gerardo
JaPCrypt means JavaScript and PHP Encryption.
JaPCrypt is a PHP class whose purpose is to give encrypted
communications over HTTP by using server- and client-side scripting like
PHP and JavaScript.
This project has been started because not every hosting provider gives
HTTPS access, thus not ha