JavaScript Kit Encrypted Password Generator Problem



muleee
09-16-2005, 10:04 AM
Hello guys,

I've got a problem with this script. When I write the password, the page address doesn't come out encrypted but with the "password".htm in the address bar.
I'll post the HTML code as well; if you could tell me where the problem is, thanks in advance.

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Enter password</title>
</head>

<body>

<script>

var pass=new Array()
var t3=""
var lim=8
pass[0]="zMnA9IWxvLwX45y"
pass[1]="wnHlLF8CoTzX75B"
pass[2]="y2pzB0xu7kZEjRw"
pass[3]="ba065as7Uhi9ObC"
pass[4]="8oQ9YZdJTLFYPCiJ"
pass[5]="23oQ9YZdJTLFYPCi"

var extension=".htm"
var enablelocking=0
var numletter="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
var temp3=''
var cur=0


function max(which){
return (pass[Math.ceil(which)+(3&15)].substring(0,1))
}

function testit(input){
temp=numletter.indexOf(input)
var temp2=temp^parseInt(pass[phase1-1+(1|3)].substring(0,2))
temp2=numletter.substring(temp2,temp2+1)
return (temp2)
}


function submitentry(){
t3=''
verification=document.password1.password2.value
phase1=Math.ceil(Math.random())-6+(2<<2)
var indicate=true
for (i=(1&2);i<window.max(Math.LOG10E);i++)
t3+=testit(verification.charAt(i))
for (i=(1&2);i<lim;i++){
if (t3.charAt(i)!=pass[phase1+Math.round(Math.sin(Math.PI/2)-1)].charAt(i))
indicate=false
}
if (verification.length!=window.max(Math.LOG10E))
indicate=false
if (indicate)
window.location=verification+extension
else
alert("Invalid password. Please try again")
}
</script>



<table border="1" cellspacing="0" cellpadding="0" bgcolor="#FFFFBD">
<tr>
<td width="100%"><form name="password1"><div align="center"><center><p><strong>Enter password: </strong><input
type="text" name="password2" size="15"><br>
<input type="button" value="Submit" onClick="submitentry()"></p>
</center></div>
</form>
</td>
</tr>
</table>
</body>

</html>

Philip M
09-16-2005, 07:06 PM
I am afraid that this is a waste of time. Password scripts using JavaScript are useless, as anyone can simply read the source code.

All passwords should be checked/verified server-side.
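Server-side verification of the kind recommended in the post above, as an added example that is not part of the original thread: the server keeps only a salted scrypt hash and returns the protected page only after the check passes. The function names, the `/login` path, the `password` form field and the placeholder page are assumptions made for illustration.

```javascript
// Added example: the password is checked on the server, never in page script.
const crypto = require('crypto');
const http = require('http');

// Constructed placeholder for the page being protected.
const PROTECTED_HTML = '<h1>Members page</h1>';

// Store only a random salt and the scrypt hash, never the password itself.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

// Re-derive from the candidate with the stored salt; compare in constant time.
function verifyPassword(candidate, record) {
  const derived = crypto.scryptSync(String(candidate), record.salt, record.hash.length);
  return crypto.timingSafeEqual(derived, record.hash);
}

// Decide on the server what the browser receives for a submitted form body.
function handleLogin(formBody, record) {
  const password = new URLSearchParams(formBody).get('password') || '';
  if (!verifyPassword(password, record)) {
    return { status: 401, body: 'Invalid password' };
  }
  return { status: 200, body: PROTECTED_HTML };
}

// Wire the check into an HTTP server; run it behind HTTPS in practice.
function createGate(record) {
  return http.createServer((req, res) => {
    if (req.method !== 'POST' || req.url !== '/login') {
      res.writeHead(405);
      return res.end();
    }
    let body = '';
    req.on('data', (chunk) => {
      body += chunk;
      if (body.length > 4096) req.destroy(); // cap oversized submissions
    });
    req.on('end', () => {
      const out = handleLogin(body, record);
      res.writeHead(out.status, { 'Content-Type': 'text/html' });
      res.end(out.body);
    });
  });
}
```

Nothing in the HTML sent to the browser contains the password, its hash, or the name of the protected page, so reading the page source reveals none of them.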

rm-f
09-16-2005, 09:54 PM
use https, or VPN or ...

muleee
09-16-2005, 10:02 PM
Thanks for the advice, but if you could tell me why I don't get the desired result I would be grateful. Thanks in advance.
If you have another script or something I can use for protecting pages, please post it here.

felgall
09-16-2005, 11:35 PM
My page http://www.felgall.com/javatip4.htm discusses methods of password protecting a page and includes instructions for the two JavaScript methods that are hardest to crack.

Philip M
09-17-2005, 08:39 AM
If by "protecting a page" you mean preventing the user from copying your code, then that is impossible. The best you can do is make it harder and slow them down, which may very well deter many people, but may act as a challenge to others. Anyone with some coding expertise can soon break through Felgall's protection schemes (as Felgall admits).

If you mean preventing someone who does not have the password from accessing your page in the first place, then you should study Borgtex's solution at

http://www.codingforums.com/showthread.php?t=10114

muleee
09-17-2005, 08:30 PM
Thanks, everyone, you really helped me. Keep up the good work, all.

TNO
09-18-2005, 07:58 AM
I prefer this method for password protection:


function OneWay(S) { var j, x, y = 2e50
x = '0.'+parseInt(S.value, 36)
with (Math) { for (j=0;j<10;j++) x = tan(1+x+x*y%1)%1 }
return ((x+1)/2).toString(36).substring(2) }

This is a one-way function that should work the same on all systems (if Math.tan() is the same on all systems).

Here it's impractical to deduce the password even if the encoded form is known.

The returned string can then be used directly as part of the URL:


window.location.href = 'dir/X' + OneWay(Pswd) + '.htm'

The author chooses the password, and from it determines the URL needed; have no other pages there with names starting 'X'.

Note that the "hidden" URL will be discoverable once the correct password is used.

To help show the security of this method:

Can anyone decrypt this sample password?


jokqdbmyoqkp

~Credit goes to J R Stockton for the general idea.


