Sending encryption keys as cookies

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
As I read about security it seems that the only secure way to encrypt
data is to not store the key anywhere on the server. So I have the user
manually type it in and it gets stored as a persistent cookie on their

In other words, when the log in, they are prompted for the key . the
key is then posted via a form to a php script which stores the key as a
cookie. Is this secure? Is there any loophole in doing it this way?

Re: Sending encryption keys as cookies

Quoted text here. Click to load it

Well there's always the possibility of packet sniffing  
( ) as long as you are using http.  
If you can set up an https server, then you can talk about secure. All data  
from client to server, including the encryption key is then already  
encrypted and can't be revealed by capturing packets like when using http.

"ohjelmoija on organismi joka muuttaa kofeiinia koodiksi" -lpk | Gedoon-S @ IRCnet | rot13(xvzzb@bhgbyrzcv.arg)  

Site Timeline