http://daptivate.com/archive/2007/01/14/ajax-login-secure-without-ssl.aspx[ Update: January 15, 2007 ] For information about the live AJAX Login demo which implements the attributes described in this post see the third post in the series - Unique URLs and Live Demo . In Simplifying the Sign In Experience with AJAX , I brainstormedenCommunityServer 2007.1 (Build: 20917.1142)http://daptivate.com/archive/2007/01/14/ajax-login-secure-without-ssl.aspx#165Fri, 09 Feb 2007 04:01:11 GMTf0cfdaa5-25b1-4b7d-b7d3-40a26cc40c63:165Kyle<p>Thanks for the tip, Marco. &nbsp;Looks like you guys are doing some great stuff. &nbsp;I&#39;ll definitely give it a closer look.</p><img src="http://daptivate.com/aggbug.aspx?PostID=165" width="1" height="1">http://daptivate.com/archive/2007/01/14/ajax-login-secure-without-ssl.aspx#160Thu, 08 Feb 2007 08:47:39 GMTf0cfdaa5-25b1-4b7d-b7d3-40a26cc40c63:160Marco Barulli<p>Kyle,</p> <p>speaking of &nbsp;Ajax and cryptography, you might be interested in checking out the Javascript Crypto Library we developed at Clipperz. </p> <p>It has been recently released under a BSD license and you can access the source code from here:</p> <p><a href="http://code.google.com/p/clipperz">http://code.google.com/p/clipperz</a></p> <p>It presently includes:</p> <p>&nbsp; &nbsp;* SRP authentication protocol</p> <p>&nbsp; &nbsp;* SHA2 hash functions</p> <p>&nbsp; &nbsp;* AES symmetric encryption</p> <p>&nbsp; &nbsp;* Fortuna PRNG </p> <p>Coming soon:</p> <p>&nbsp; &nbsp;* elliptic curve cryptography</p> <p>&nbsp; &nbsp;* secret sharing schemes. </p> <p>Any contribution or suggestion is welcome!</p> <p>Regards,</p> <p>Marco</p><img src="http://daptivate.com/aggbug.aspx?PostID=160" width="1" height="1">