cookie encryption

[knowram]

I have been looking for a good simple tutorial about cookie encription. I have been useing the php setcookie function but I would like to encript the cookeis before I set them. Can anyone point me to a site?

 

Thanks a bunch

[fert]

read up on XOR encryption

[ToonMariner]

Alternatively NEVER send out any sensitive information in a cookie. If you have a site that deals with finacial transactions or contacting others (where legal action could ensue) then require users to login on each visit.

[knowram]

I don't think just having them logon is good enough the info can still be intersepted and read. That is what I am trying to avoid. Idealy I would like to have every bit of info that is sumited in a form encripted in som way so that it can't be read by somone with a packet sniffer. I don't know if this is even posible without just using SSL.

 

 

[ToonMariner]

Every piece of info that traverses the web is availabel for interception.  SSL uses encryption keys that should not be available to anyone else as the 2 machines talk to each other and develop a temporary key based on their chat.

 

Any other method of encryption is open to decryrption in axactly the same manner as you would have to decrypt the info on your server to make any use of it.

 

You have to consider who important the info is, does it really need encryption, how secure does it have to be, does it matter if anyone gets this....

 

SSL is pretty secure anything else isn't end of.