password encryption

Status
Not open for further replies.

toolkit

Programmer
Aug 5, 2001
771
GB
[posted to Java Forum also]
Hi there, can anyone offer suggestions on the best approach to:

1) encrypt a password using client side JScript
2) post to the server
3) use encrypted password with Java login method

Thanks for any advice, cheers Neil :)
 
This is a simple version that is hackable but probably one of the best ways of doing this on the client side (another solution is using RSA with JS but that is costly on the cpu. About 30 seconds worth for a simple password).

HOWEVER!!!

Passwords should be on the server side only as this is uncontested by anybody that knows anything about security.

If you have your passwords like this sent to the client side it would take me about 1 hour to crack one password. It slows me down but it does not stop me.

This type of encryption is good if you want to check that no bad words are being sent in a form element but that is about the only usage I would have for it.


// Weighted checksum: character code i is multiplied by 3^i and summed.
function encrypt(password)
{
    var checkSum = 0;
    var multiplier = 1;

    for (var i = 0; i < password.length; i++)
    {
        checkSum += (password.charCodeAt(i) * multiplier);
        multiplier *= 3;
    }
    return checkSum;
}

// Compare a stored checksum against the checksum of the typed password.
function checkEncrypt(password, encryptedPassword)
{
    return (encryptedPassword === encrypt(password));
}

var passwords = [4687]; // this is an array containing only my name "Gary"
alert(checkEncrypt("gary", passwords[0]));

Don't sue me if this gets hacked.

By the way, I need to mention this script is based on trollacious's post, thread216-30164.
Gary Haran
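Added example, not part of the original posts: the checksum above is linear in the character codes, so different passwords share one value, shown here beside a salted server-side hash that rejects the look-alike. The function names are chosen for this example; it assumes Node.js and that the password reaches the server over a secure connection.

```javascript
// Added example (not from the thread). Assumes Node.js for the crypto module.
const crypto = require('crypto');

// The thread's checksum, same behaviour: sum of charCode * 3^i.
function weakChecksum(password) {
  let sum = 0;
  let multiplier = 1;
  for (let i = 0; i < password.length; i++) {
    sum += password.charCodeAt(i) * multiplier;
    multiplier *= 3;
  }
  return sum;
}

// The weights are 1, 3, 9, ... so lowering character i by 3 and raising
// character i + 1 by 1 changes the sum by -3*3^i + 1*3^(i+1) = 0.
function shiftCollision(password, i) {
  const codes = Array.from(password, (c) => c.charCodeAt(0));
  codes[i] -= 3;
  codes[i + 1] += 1;
  return String.fromCharCode(...codes);
}

// Server-side alternative: per-user random salt plus scrypt.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const key = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString('hex'), key: key.toString('hex') };
}

// Recompute with the stored salt and compare in constant time.
function verifyPassword(password, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const key = crypto.scryptSync(password, salt, 32);
  return crypto.timingSafeEqual(key, Buffer.from(record.key, 'hex'));
}

// Constructed sample data: the password "gary" from the thread.
const stored = hashPassword('gary');
const twin = shiftCollision('gary', 0); // a different string, same checksum

console.log('checksums:', weakChecksum('gary'), weakChecksum(twin));
console.log('checksum accepts twin:', weakChecksum(twin) === 4687);
console.log('scrypt accepts twin:', verifyPassword(twin, stored));
console.log('scrypt accepts gary:', verifyPassword('gary', stored));
```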
 
Another related issue I just thought of:
How on earth can you perform a 'change password' securely? This cannot be encrypted before posting, as this surely needs to be presented to a changePassword Java method in unencrypted form? As far as I can see, the only way to truly secure passwords would be:
1) Use a secure connection?
2) Use an Applet?
Hmmm :-( Neil
 
Applet is better as you could use better encryption (faster too). But you can download the applet on your machine and disassemble it to see the code. This can be dangerous if your code is not very good (no usage of RSA or another really excellent encryption method).

Option 1) is my recommendation. Gary Haran
 