How does password encryption protect against man in the middle attack?


So say Eve wants to steal my email account, but I know that, so I encrypt my password before sending it in a way that only I and the email provider know how to decrypt. What prevents Eve from just copying all the bytes I send and sending them as they are to log in?


6 Answers

Anonymous 0 Comments

Nothing prevents it. That’s why you shouldn’t do that.

Passwords should instead be transmitted over a secured channel (such as TLS) to prevent MitM, and then compared to a stored hash using a secure password-hashing algorithm.

TLS involves per-session keys and a stream cypher, so simply repeating the same encrypted bytes doesn’t work.
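The difference between the two schemes, as an added example that is not part of the original answer: a login blob encrypted under one fixed key is accepted again when resent unchanged, while the same bytes are rejected once each connection has its own key. The XOR keystream cipher and the nonce-based `session_key` are simplified stand-ins chosen for illustration (not TLS itself), and all names and values are constructed.

```python
import hashlib
import hmac
import secrets

PASSWORD = b"correct horse battery staple"  # constructed sample value
LONG_TERM_KEY = secrets.token_bytes(32)     # secret shared by user and provider
SALT = secrets.token_bytes(16)
STORED_HASH = hashlib.pbkdf2_hmac("sha256", PASSWORD, SALT, 100_000)

def check_password(candidate: bytes) -> bool:
    """Server side: compare against the stored salted hash, never the plaintext."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate, SALT, 100_000)
    return hmac.compare_digest(digest, STORED_HASH)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR with a SHA-256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def session_key(client_nonce: bytes, server_nonce: bytes) -> bytes:
    """Simplified stand-in for a TLS handshake: fresh nonces give a fresh key."""
    return hmac.new(LONG_TERM_KEY, client_nonce + server_nonce, hashlib.sha256).digest()

def static_login(blob: bytes) -> bool:
    """Scheme from the question: every login is decrypted with the same key."""
    return check_password(keystream_xor(LONG_TERM_KEY, blob))

def session_login(key: bytes, blob: bytes) -> bool:
    """Per-session scheme: the blob only decrypts under this connection's key."""
    return check_password(keystream_xor(key, blob))

def demo() -> dict:
    # Static scheme: the bytes on the wire are identical for every login.
    captured_static = keystream_xor(LONG_TERM_KEY, PASSWORD)
    # Session scheme: the user logs in once and the bytes are recorded in transit.
    key1 = session_key(secrets.token_bytes(16), secrets.token_bytes(16))
    captured_session = keystream_xor(key1, PASSWORD)
    # A later connection draws new nonces, so the server holds a different key.
    key2 = session_key(secrets.token_bytes(16), secrets.token_bytes(16))
    return {
        "static_replay_accepted": static_login(captured_static),
        "session_original_accepted": session_login(key1, captured_session),
        "session_replay_accepted": session_login(key2, captured_session),
    }
```
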
