http://www.kb.cert.org/vuls/id/180876
Base64 encoding is just that: encoding. It's a way to ensure that text with strange characters can be sent on the wire in an unambiguous, portable manner. It is not, and was never meant to be, encryption. There is no added security by encoding a password with base64. Just like there is no added security by encoding a password with rot13. It is no more than obfuscation; perhaps less than obfuscation since base64 on the wire sticks out and says, "Hey, look at me!" Taking an authentication mechanism that is secured by real encryption and sending it back out in plaintext (or, equivalently, encoded with base64) is ridiculous.
So don't ever do that.
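As an added example (not code from the original post), this Python sketch shows both points made above: reversing base64 needs no key, and base64 runs are easy to pick out of captured text. The header names, host and credentials in the sample capture are constructed for illustration.

```python
import base64
import binascii
import re

# A run of 12+ base64-alphabet characters with optional padding, not embedded
# in a longer run. This is why encoded secrets "stick out" on the wire.
B64_RUN = re.compile(
    r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{12,}={0,2}(?![A-Za-z0-9+/=])"
)


def decode_if_text(token):
    """Return the decoded string if token is base64 of printable ASCII, else None."""
    if len(token) % 4 != 0:
        return None
    try:
        raw = base64.b64decode(token, validate=True)  # no key involved
        text = raw.decode("ascii")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    return text if text.isprintable() else None


def find_encoded_secrets(lines):
    """Return (line_number, token, decoded) for each base64 run that decodes to text."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for match in B64_RUN.finditer(line):
            decoded = decode_if_text(match.group(0))
            if decoded is not None:
                findings.append((number, match.group(0), decoded))
    return findings


# Constructed sample capture; the credentials are made up for this example.
SAMPLE_CAPTURE = [
    "POST /login HTTP/1.1",
    "Host: app.example.test",
    "Authorization: Basic " + base64.b64encode(b"alice:hunter2").decode(),
    "X-Auth-Password: " + base64.b64encode(b"correct-horse-battery").decode(),
    "X-Request-Id: 7f3a9c1e5b2d4f60",  # hex id: base64 alphabet, but not text
]

if __name__ == "__main__":
    for number, token, decoded in find_encoded_secrets(SAMPLE_CAPTURE):
        print(f"line {number}: {token} -> {decoded!r}")
```

The same scan run over configuration files or proxy logs is a quick audit for secrets that are only encoded, not encrypted.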
Monday, January 28, 2008
base64-encrypt()
Posted by egypt at Monday, January 28, 2008
Labels: base64, encoding, encryption, ridiculous