I am planning on using RC4 for some light security for my program to communicate via TCP/IP. Here is how I am planning to have it work.
The user sends their username to the server.
The server replies back with a random key that is encrypted with the user's password.
The user then decrypts the key using their password.
The user replies back with their password encrypted using the key that was just decrypted.
The server decrypts the package using the key to verify the user.
Is this a somewhat decent light security measure? How would you rate this type of method? What would be a better method? I am thinking that this would not be half bad, considering the password will never be transmitted in the clear, but I want to make sure.
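The five-step exchange described in the question, with both sides' messages, as an added example that is not part of the original post. The names `Server`, `client_reply` and `run_login`, the account `alice` and the 16-byte key length are assumptions made for illustration.

```python
import hmac
import secrets

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

# Constructed sample account. The server has to hold the password itself
# (not a hash) because it uses it as the RC4 key in step 2.
USERS = {"alice": b"correct horse"}

class Server:
    def __init__(self):
        self.pending = {}                     # username -> key issued (assumed state)

    def challenge(self, username: str) -> bytes:
        key = secrets.token_bytes(16)         # step 2: random key ...
        self.pending[username] = key
        return rc4(USERS[username], key)      # ... encrypted with the password

    def verify(self, username: str, reply: bytes) -> bool:
        key = self.pending.pop(username)      # step 5: decrypt with the issued key
        return hmac.compare_digest(rc4(key, reply), USERS[username])

def client_reply(password: bytes, challenge: bytes) -> bytes:
    key = rc4(password, challenge)            # step 3: recover the key
    return rc4(key, password)                 # step 4: password under that key

def run_login(username: str, password: bytes) -> bool:
    server = Server()
    challenge = server.challenge(username)    # step 1 is sending `username`
    return server.verify(username, client_reply(password, challenge))

if __name__ == "__main__":
    print(run_login("alice", b"correct horse"), run_login("alice", b"guess"))
```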