/testudo

Encryption Libraries for Password Transfer in Web-Based Systems on an Unsafe Network

Primary language: C#. License: MIT.

What is Testudo

Encryption Libraries for Password Transfer in Web-Based Systems on an Unsafe Network/Protocol (like HTTP)

Architecture

[Architecture diagram]

Manual

  • Hash the password.
  • Pass the hashed value and the password value to a Testudo class instance.
  • Send the encrypted value to the server.
  • Pass the received value and the hashed password stored on the server side to a Testudo class instance.
  • Use the restored value to authenticate.

Tips

  • It is better to concatenate part of the client's IP address or machine name to the key to make it client-dependent.
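
The five steps and the tip above, carried end to end as an added Python example; it is not Testudo's code or algorithm. The function names, the `client_part` string, the PBKDF2 hash and the HMAC-SHA256 keystream with a separate integrity tag are stand-in assumptions built from the standard library.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Step 1: hash the password; the server stores this same value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _keys(hashed: bytes, client_part: str):
    # Tip: a client-specific part (IP fragment, machine name) is mixed into the key.
    enc = hmac.new(hashed, b"enc|" + client_part.encode(), hashlib.sha256).digest()
    mac = hmac.new(hashed, b"mac|" + client_part.encode(), hashlib.sha256).digest()
    return enc, mac

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal_password(password: str, hashed: bytes, client_part: str) -> bytes:
    # Steps 2-3 (client): encrypt the password under a key derived from its hash.
    enc, mac = _keys(hashed, client_part)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, password.encode())
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def open_password(blob: bytes, stored_hash: bytes, client_part: str):
    # Step 4 (server): rebuild the key from the stored hash; reject a bad tag.
    if len(blob) < 48:
        return None
    enc, mac = _keys(stored_hash, client_part)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return _xor_stream(enc, nonce, ct).decode()

def authenticate(blob: bytes, stored_hash: bytes, salt: bytes, client_part: str) -> bool:
    # Step 5: re-hash the restored password and compare in constant time.
    restored = open_password(blob, stored_hash, client_part)
    return restored is not None and hmac.compare_digest(
        hash_password(restored, salt), stored_hash)
```

A value sealed for one `client_part` returns `None` when opened with a different one, which is the client dependence the tip asks for.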

JavaScript

// on client-side
let encrypted = testudo().form(password, hashed_password)

// on server-side
let decrypted = testudo().unform(encrypted, testudo().getSeed(hashed_password, password))

C#

// on client-side
string encrypted = testudo.form(password, hashed_password);

// on server-side
string decrypted = testudo.unform(encrypted, testudo.getSeed(hashed_password, password));

PHP

// on client-side
$encrypted = $testudo->form($password, $hashed_password);

// on server-side
$decrypted = $testudo->unform($encrypted, $testudo->getSeed($hashed_password, $password));

Python

# on client-side
encrypted = Testudo().form(password, hashed_password)

# on server-side
decrypted = Testudo().unform(encrypted, Testudo().getSeed(hashed_password, password))