Hi guys,

I'm using this JS code I found online, but I want to know how to get the reverse effect of the encryption. Don't worry, I do know the limitations of this script!

Any help would be very gratefully appreciated.

Regards,
Chris

- - - - - - - - - -

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}

You won't be able to decrypt those values because they are a hash, not an encryption.

As an example, "abc", "bca" and "cab" all generate the same value (97 * 98 * 99 = 941094). Since order doesn't matter in multiplication, any combination of those three letters will give the same answer.

Likewise, given 941094 you could come up with several possible combinations:

2*3*3*7*7*11*97 = 941094
11*18*49*97 = 941094
77*97*126 = 941094
etc.

The problem is that there is more than one way to get the value 941094 by simply multiplying numbers.

In order to encrypt and decrypt data, you need a one-to-one function where every unique input has a unique output and vice versa.

Thanks for your reply, that's quite interesting... didn't realise that's what it was doing. Perhaps you might be able to suggest a better script? Ideally I want to encrypt the username and password stored in a MS Access database, so without the encryption key used on the page, the values are meaningless.

Thanks in advance for any suggestions.
Chris

I would suggest somthing other then JS for password encryption, unless you want to work somthing along the lines of MS Windows password list files and encrypt the password with the user name as the key (or is it the other way around?).

You may be able to get a .JS file (I would suggest to find a way to chipper the URL or deny direct access to the file, and only from the page URL you want it accesed from, and check in the headder of the *.JS file, otherwise you basicly have 100% compramised security. However, there is still security flaws here but I feel it is best to just not reveal them; coders will know them, little kids wanting to be script kiddies won't) to store passwords in it like MS Windows *.PWL files.

So the headder would be somthing along the lines of a modified 'break out of frames' script (see www.javascriptkit.com for example), mofify it so if it is on the correct page it results 0 exiting to the end of the page where the list is, if it is on an incorrect URL it displays somthing like "Sorry, that just won't work." then to access the main section of the file (password list), will be at the end of the file, where you would have "Name Password" or go one step up and encrypt the name with the passowrd.

Anyways, I hope you caught some of that and it made sense, but JS can only go so far in security then dies out on you.

Oh yeah, you will have to manualy edit the file to add/remove users...

Unless you make a series of files where the file name is the password.<extention> with the user name in the file, but that can easily become a slow process, and opening it up to a world of flaws if you are crawled.