Ian Bicking: the old part of his blog

Comment

BUT why send the password in the cookie in the first place. It is so much easier (and IMHO more secure) to just store the password locally and send a session id in the cookie. That way you have the possibility to add more 'cookie' data as you go along without having to send it all in a cookie.
Beats encryption anytime.

Comment on Homebrew encryption
by Rob