View Full Version : javascript password - how good?


steviem
12-24-2002, 07:43 PM
Hi
I am about to use a password protection on my site using the 'JavaScript Kit Encrypted Password Generator,' on this website.
I just wondered how secure this actually is. I appreciate it's not the ultimate in protection, but on a scale of 1-10 I just wondered how good it would be in keeping out most surfers?

Thanks
Stevie

Graeme Hackston
12-24-2002, 09:22 PM
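// The original identifier and string contained apostrophes, which is not valid JavaScript.
var whatsProtected = "stuff you're trying to hide";
var desirable = 'desirable';

if (whatsProtected == desirable) {
  alert('protection inadequate');
} else {
  alert('probably good enough');
}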

:)

joeframbach
12-24-2002, 09:30 PM
Think of it this way: the browser obviously needs to see the code (in the same language as you can!). Therefore, so can the user!

kwhubby
12-24-2002, 10:57 PM
I have a few methods that can password protect data in client side javascript (without the weird gate keeper method things). Although the most secure is kind of crude and requires a 50 digit password, it's uncrackable. I have another method too that's slightly less secure encryption but uses a standard password instead of the 50 digit decryption code. I am working on a new one that uses the less secure, but more friendly method to encrypt the 50 digit password, which encrypts the page source. This will be good, and with an 8 digit password would take multiple months to crack. Fortunately the best part of all of these, although most annoying, is that you pass for every password, except that only one will decrypt the page into sensible text.

Borgtex
12-24-2002, 11:00 PM
You can try my script: http://www.codingforums.com/showthread.php?s=&threadid=10114

whammy
12-25-2002, 01:00 AM
Actually that script USES the gatekeeper idea... but in a very clever way. ;)

That's about as secure as you can get in javascript, anyway, since any visible source code can be reverse engineered - so the best you can do (which is generally the best you can do anyway, no matter what kind of encryption you use - because of hackers which may gain access to your server regardless) is make people guess the password... :D

kwhubby
12-25-2002, 02:18 AM
Hey whammy, we've had this argument already, but I bet I can give you a page/script that you cannot crack into!!! In client side javascript, even with many hours of trying to brute force into

The part that usually makes it the least secure is when there is a way to determine if the password is correct. If you simply don't do this, there is no way to know what's the correct string to plug in to the function that will make html out of a bunch of random looking text.

View this example of an encryptor of text to see the power of encryption

http://kwhubby.8k.com/supcrip.htm

Decrypt this

8%('j4l>$WuL=s7RA(7fSt2D3.xBDq|QeAc(Z;Qf00yf+L]QZQ4xh^-HSsF==[L>,V_,-NI>46TDy%LC`Mbg0.

Keep all the number settings the same, except with the replacement alphabet being

j ]@WcaReI:i-2~t'(K4hbLAQ/+!n.9zV<N^f[X%>13sBpDugMx,Eq`ly|=0rP?;oGHY)*J6Fv$OSdC5ZUk7m_&T8w#


then press the decrypt button

It's made so that all settings must be exactly accurate for it to work, and that you can't just figure out the script and quickly break it.


This could be used in a very secure, yet annoying password requirement. As I said, I will be making a more user friendly formula that uses a smaller password, yet still is bulletproof

kwhubby
12-25-2002, 02:30 AM
This is an example of a script that I can't figure a way to reverse without long periods of time; for long passwords (e.g. 11 chars), up to years of computer processing.



go here (http://kwhubby.8k.com/sd.htm)


This is small and relatively simple to break, only about 6 hours to get to the password being " asdf "
You can break this one by making a loop scanning through the 26 letters in a combination, decrypting and then searching for <html> in the beginning of the decrypted result; that would determine if the password was good.

This was basically a password encryption thing that's in a program, that I then just twisted and pumped up the script and stuff
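
The point made in the posts above about being able to tell when a password is correct, as an added example that is not part of the thread and not kwhubby's script: a constructed XOR stream cipher stands in for the page encryptor, and a known `<html>` prefix is enough to confirm a 4-letter lowercase password out of 26^4 candidates. The toy cipher, the function names and the sample page are assumptions made for illustration.

```javascript
// Constructed stand-in cipher, NOT the script from the thread: XOR each
// character code with a keystream byte derived from the password.
function keystream(password, n) {
  let state = 0;
  for (const ch of password) state = (state * 31 + ch.charCodeAt(0)) >>> 0;
  const bytes = [];
  for (let i = 0; i < n; i++) {
    state = (Math.imul(state, 1664525) + 1013904223) >>> 0; // LCG step
    bytes.push(state >>> 24);
  }
  return bytes;
}

const toCodes = (s) => Array.from(s, (ch) => ch.charCodeAt(0));
const toText = (codes) => String.fromCharCode(...codes);

// XOR is its own inverse, so this both encrypts and decrypts.
function xorCrypt(codes, password) {
  const ks = keystream(password, codes.length);
  return codes.map((c, i) => c ^ ks[i]);
}

// Try every lowercase password of the given length; a guess is accepted only
// when the first characters decrypt to the expected prefix.
function recoverPassword(cipher, length, knownPrefix) {
  const alphabet = 'abcdefghijklmnopqrstuvwxyz';
  const want = toCodes(knownPrefix);
  const head = cipher.slice(0, want.length);
  const idx = new Array(length).fill(0);
  for (let tried = 1; ; tried++) {
    const guess = idx.map((i) => alphabet[i]).join('');
    if (xorCrypt(head, guess).every((c, i) => c === want[i])) return { guess, tried };
    let p = length - 1; // odometer-style increment to the next candidate
    while (p >= 0 && ++idx[p] === alphabet.length) idx[p--] = 0;
    if (p < 0) return { guess: null, tried };
  }
}

// Constructed sample page, encrypted with the 4-letter password from the post.
const page = '<html><body>members only</body></html>';
const cipher = xorCrypt(toCodes(page), 'asdf');
const result = recoverPassword(cipher, 4, '<html>');
console.log(result.guess, 'after', result.tried, 'of', 26 ** 4, 'guesses');
```

The predictable first bytes of the page are what confirm a guess here, so the strength of the scheme rests on the size of the password space rather than on hiding the script.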

steviem
12-25-2002, 11:32 AM
Thanks for all your advice guys - much appreciated. Not sure however that I entirely understood all of what some of you were talking about ..lol (not being an expert), however thanks for the help

Stevie