encrypt input text without ssl [closed]


          <form action="URL">
                <input type="text" size="40">
                <button type="submit">Send it</button>
         </form>

As I can before sending the form to the server encrypt text in inputs ?

You can encrypt it but it won't be as secure as you might think, since you are encrypting it on the client side there is no way you can safely hide your hash key. It would make it harder for man in the middle attack but not impossible.

EDIT: take a look at this Is it worth hashing passwords on the client side


@ama2, @Cathedral Zealot, He can send to user public key, encrypt password using public key and then (on server side) decrypt it with private key and store hashed. It's the best solution when you don't use ssl certificate. But if attacker send his own private key and send it back to himself then he will be able to decrypt user's password.

That's all point of ssl certificates - to confirm origin of public keys.

I'd recomend OP using cheap or free certificates instead of this kind of methods vulnerable for man in the middle attacks and cross scripting.