Java Script Text Encryptor

[Tacopopo]

I need to write a script for a text encryptor. So with an input box, and output with the encrypted text. I need to hse,forlooping and html. Thx. Will compare what I get with you giys.

[Philip M]

Sounds like homework! As a general rule, the people helping out in this forum don't write code for others (especially code that appears to be for homework), but try to help with fixing code that doesn't work. You may perhaps get someone to write this script for you, but you'll be far more likely to get help if you have made a substantial effort and written some code yourself. Then someone here will almost certainly help you correct/improve your work.

It is your responsibility to die() if necessary….. - PHP Manual

[Tacopopo]

I wish I was in school. Im actually in the marines atm. Once im out this is what I want to,do. A,buddy of mine told me to do this to learn how to do lot more stuff.. My spellin is off bcuz my laptop is in my barracks. Ill post what I think needs to br done when I get back on base. Thx

[nomanic]

do you want to make something yourself? or get hold of some code that will do it? there are lots of functions on the web for encryption, if you want to make it yourself theres no end of methods

[Tacopopo]

I really just need a format or tell me what the function is . Just need a small push

[Philip M]

Quote:

Originally Posted by Tacopopo

I really just need a format or tell me what the function is . Just need a small push

What sort of encryption? Straightforward Ceasar or what? Encryption can be very sophisticated, and there are dozens of different methods. And what will be the use to which the encrypted output will be applied? Remember that using Javascript only you (and no-one else) will be able to see the result! That does not seem to be very useful.

[Tacopopo]

Something simple.just a steppn stone

[Old Pedant]

One thing you need to understand: If you write your encryption using JavaScript, then ANYONE who can access your web page can look at the code and see what you have done and then easily decrypt your encrypted text. Effective encryption *MUST* be done server-side, not in the browser.

But if this is just an exercise in learning, and if your want (say) some very very simple encryption scheme just for fun, then yes, it's easy to do in JavaScript.

A substitution cypher is about the simplest possible one. That is, where you simply exchange each character for another. The kind of thing you see in puzzle magazines all the time. Is that adequate?

One step up from that is a variable substitution cypher, where you have a "secret" (won't be secret if the code is written in JavaScript, of course, but other than that...) keyword or key phrase. And you cycle through that keyword as you encrypt the message, so that (example only) "a" becomes "x" in the first position but "a" becomes "3" in the second position, and so on. See here:
http://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher

So...(a) how strong a cypher do you want? (b) do you care about it being trivial to "break" a cypher when the JavaScript code is known?

[felgall]

Quote:

Originally Posted by Old Pedant

One thing you need to understand: If you write your encryption using JavaScript, then ANYONE who can access your web page can look at the code and see what you have done and then easily decrypt your encrypted text. Effective encryption *MUST* be done server-side, not in the browser.

That is not true. A true encryption algorithm is just as hard to decrypt in JavaScript as it is server side. The problem is that most people get obfuscation, hashing, and encryption confused.

Obfuscated code can be easily read. Hashing isalmost always pointless in JavaScript. Encryption may be useful but cannot be done in just a few dozen lines of code.

Take a look at the cipher section at http://code.google.com/p/crypto-js/ for several examples of completely secure JavaScript encryption scripts. Note that thisprovides a 118k zip file of the various code. When decompressed for use with a web page even the smallest encryption script is going to be several kb in size. The last time I checked the Rabbit Cipher was the smallest at just over 5k of code.

[Old Pedant]

Yes, I oversimplified. But he *did* say he wanted "just a stepp[ing] stone."

Not at all familiar with Rabbit Cipher, but from my quick reading of it, it looks like it uses the same key for encryption and decryption. How is that secure in a JavaScript implementation? I would think you would at least need a public key/private key system if you wanted to do it in JS?

[Philip M]

This very simple script might help move you forward.

Code:

<html>
<head>
</head>
<body>

INPUT <input type = "text" id = "in" size = "50" onkeyup = "encrypt()">
<br>
OUTPUT <input type = "text" size = "50" id = "out" readonly>

<script type = "text/javascript">

var A = " abcdefghijklmnopqrstuvwxyz";
var B = " qwertyuiopasdfghjklzxcvbnm";  // the corresponding characters
var Alen = A.length;

function encrypt() {
var enctext = "";

var txtin = document.getElementById("in").value.toLowerCase();  // make all lower case
var Tlen = txtin.length;
for (var j = 0;  j < Tlen; j++) {
for (var i = 0;  i < Alen; i++) {
if (A.charAt(i) == txtin.charAt(j)) {
enctext += B.charAt(i);
}
}
}

document.getElementById("out").value =  enctext;
}


</script>

</body>
</html>

But once again, only YOU will be able to see the result!

You will find more complicated substitution ciphers at

http://www.java2s.com/Code/JavaScrip...JavaScript.htm

[rnd me]

Quote:

Originally Posted by Old Pedant

One thing you need to understand: If you write your encryption using JavaScript, then ANYONE who can access your web page can look at the code and see what you have done and then easily decrypt your encrypted text.

not even remotely true. encryption is about the math and physically protecting the secret key. javascript does math just like any other language.

so if ANYONE can do it, here's the full source, i'll be darned impressed if YOU can provide me a clear text copy of either the password or the message:

Code:

<html><title>Encoded Message</title><body style='margin: 0px; overflow:hidden; position:absolute; width:100%; height: 100%; white-space: pre;' ><textarea  id='t1' name='t1' rows='50' cols='210'  style='font-family:Tahoma, sans-serif; font-size:120%; position:absolute; left:0px; top: 0px; width:100%; height:100%; wrap: virtual'></textarea> <script> eval( unescape( "function%20jcipher%28p%2Cs%29%7Bvar%20i%3D0%2CP%3D0%2CK%3D0%2Cb%3D%22%22%2CMax%3D0%2Cd%3D%5B%5D%3Bif%28p.slice%280%2C3%29%3D%3D%22zz%2C%22%29%7Bvar%20slen%3Ds.length+1%3Bd%3Dp.split%28%22%2C%22%29%3Bp%3D%22%22%3Bvar%20junk%3Dd.shift%28%29%2CScc%3DString.fromCharCode%3BMax%3Dd.length%3Bvar%20tr%3D%5BMax%5D%3Bfor%28var%20i%3D0%3Bi%3CMax%3Bi++%29%7BP%3Dd%5Bi%5D%3BK%3Ds.charCodeAt%28i%25slen%29%3Btr%5Bi%5D%3DScc%28P%5EK%29%3B%7Dreturn%20tr.join%28%22%22%29%3B%7Dreturn%20false%3B%7D%0A" ) ); 
var enc='zz,11 ,13,13,2,8,69,26,10,114,15,12'
 if (typeof PW == 'undefined'){var PW = prompt('Enter The Password for this Document:')};
 if (PW.length){ document.getElementById('t1').value=jcipher(enc, PW); };
</script></body></html>

it's tongue in cheek demo data, guessable perhaps, but not crackable.

this was created using my old crypto project, viewable at http://danml.com/pub/crypto.htm ...

the cool thing about the cipher, based off of a KGB description, is that a succsessful decryption cannot be proven; you can't know that the message you "found" is the one actually sent.

[Richter]

To rnd me,
Your encryption function seem good but is it fix length of password ?

Code:

var enc='zz,11 ,13,13,2,8,69,26,10,114,15,12';
var PW = "Testing encode password";
var Enc = jcipher(enc, PW); //_h~va+}*\x17ao
var Dec = jcipher(enc, Enc); //"Testing enc"

[Old Pedant]

It's a good one, rndme. I think I could crack it, but it would take a lot of time.

I think perhaps I need to clarify what I've been trying to say: If the code *ALONE* can encrypt/decrypt something, then it's insecure. Because for that to happen, the keyword must be embedded somewhere in the code.

Even the Vigenere cipher is strong enough for all practical purposes if the user must supply the key (and if the key is long enough).

[rnd me]

Quote:

Originally Posted by Richter

To rnd me,
Your encryption function seem good but is it fix length of password ?

Code:

var enc='zz,11 ,13,13,2,8,69,26,10,114,15,12';
var PW = "Testing encode password";
var Enc = jcipher(enc, PW); //_h~va+}*\x17ao
var Dec = jcipher(enc, Enc); //"Testing enc"

no, the password repeats as needed. that's why long passwords are better.
i like to use guids because it's hard to see/detect even sucsessful decypts of the password, since it still looks like random data...

you are not using the code correctly in the snip above.
i wrote it before there were projects like crypto-js, so the argument order is different than the defacto standard of passing the encrytpted text as a key.

anyway, it works just fine once you know, and you were close. p is the phrase, and s is the secret password. it needs a slight cosmetic re-write i guess...


here is an example of using a longer phrase than password: (live demo)

Code:

function jcipher(p,s){var i=0,P=0,K=0,b="",Max=0,d=[];if(p.slice(0,3)=="zz,"){var slen=s.length + 1;d=p.split(",");p = "";var junk=d.shift(),Scc=String.fromCharCode; Max=d.length;var tr = [Max];for(var i=0;i<Max;i++) {P = d[i];K = s.charCodeAt(i % slen);tr[i]=Scc(P ^ K);}return tr.join("");}else{var slen=s.length+1;b="zz,";Max=p.length;var tr=[Max];for(i=0;i<Max; i++){P=p.charCodeAt(i);K=s.charCodeAt(i%slen);tr[i]=P ^ K;if(!(i % 40)){tr[i]+=" ";}}return b+tr.join(",");}return false;}

var data="this is my secret data. can you hear me now?";
var PW = "test123";

var enc = jcipher(data, PW); 
// enc==zz,0 ,13,26,7,17,91,64,32,25,28,83,7,84,81,65,101,0,69,23,21,69,83,29,32,23,4,29,84,72,93,70,32,28,0,18,6,17,95,86,32,26 ,10,4,75

jcipher(enc, PW); // == "this is my secret data. can you hear me now?"