  1. #1
    David.A

    Is this "encryption" any good?

    Today I was looking into a simple way to encrypt data without SSL, and as you've probably guessed, I came across JS MD5 encryption. However, I have this thing against using code that I don't understand, and this is one of those instances. So I figured taking the method it uses, I'd try my own little way, I invite you to figure out the original...

    Scenario:

    Say you're sniffing me (in a non-dog way) and you get the information that at host.com I entered David.A and 16149119 as the user/password. So you go to host.com and find this JS code linked to the login.
    Code:
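    // Turn each character into charCode * (charCode % 8) and concatenate the decimal results.
    function convert(x){
      var temp="";
      for(var i=0; i<x.length;i++){
        temp=temp+""+x.charCodeAt(i)*(x.charCodeAt(i)%8);
      }
      return temp;
    }
    
    // Absolute difference between the converted password and the converted key.
    function encrypt(pw, key){
      // Math.abs is used here because a bare abs() is not defined in JavaScript.
      return Math.abs(parseInt(convert(pw))-parseInt(convert(key)));
    }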
    PW is the password, and KEY is a random PHP generated key.
    Can you crack it without using a table of some sort?

    BTW, if I was really concerned about hackers, I'd use JS MD5, I'm just not that concerned.

  2. #2
    Aleksejs
    Hi!

    This is a very weak encryption/hashing scheme. It has a very linear structure, meaning that by intercepting just two different transmissions of the same password, it would be very easy to figure out the original password (or group of passwords that generate the same image). I really would suggest that in production you'd use time-proven schemes (and FYI it is not recommended to use md5() for anything new any more).

    If you are not some sort of Chuck Norris of Cryptology it is a bad idea to use your own designed cryptographic primitives in production. That being said - cryptography is excellent for "brain workouts", so I suggest you read this essay: "So you want to be a cryptographer".
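
An added example, not code from any poster in this thread: it reproduces the scheme from the first post (with `Math.abs` for the undefined `abs`) and shows three properties behind the reply above. The key `7f3` and password `ab1` are constructed sample values; `16149119` is the password given in the first post.

```javascript
// Added illustration; the scheme is from the first post, with Math.abs for abs().
function convert(x) {
  let temp = "";
  for (let i = 0; i < x.length; i++) {
    temp += x.charCodeAt(i) * (x.charCodeAt(i) % 8);
  }
  return temp;
}

function encrypt(pw, key) {
  return Math.abs(parseInt(convert(pw), 10) - parseInt(convert(key), 10));
}

// 1. Collisions: a character whose code is a multiple of 8 contributes "0",
//    so many printable characters are indistinguishable after convert().
function zeroImageChars() {
  const out = [];
  for (let c = 32; c < 127; c++) {
    const ch = String.fromCharCode(c);
    if (convert(ch) === "0") out.push(ch);
  }
  return out;
}

// 2. Linearity: the output is |convert(pw) - convert(key)|. The key has to reach
//    the browser for encrypt() to run, so anyone who sees key and output
//    narrows convert(pw) to two values.
function imageCandidates(key, observed) {
  const k = parseInt(convert(key), 10);
  return [k + observed, Math.abs(k - observed)];
}

// 3. Precision: parseInt returns a double, so images above 2^53 are rounded
//    and passwords that differ in late characters can give the same output.
function sameOutput(pwA, pwB, key) {
  return encrypt(pwA, key) === encrypt(pwB, key);
}

// Constructed sample values: key "7f3", password "ab1".
const key = "7f3";
console.log(zeroImageChars().join(""));                 // characters that all become "0"
console.log(imageCandidates(key, encrypt("ab1", key))); // one entry is convert("ab1")
console.log(sameOutput("16149119", "16149111", key));   // first post's password vs. a variant
```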

  3. #3
    felgall
    Originally Posted by David.A:
        Today I was looking into a simple way to encrypt data without SSL, and as you've probably guessed, I came across JS MD5 encryption.
    MD5 isn't encryption - it is a one way Hash.

    The ONLY way to encrypt data between the client and the server is using SSL. If you try to do it with JavaScript (and there are actual encryption scripts available) then you still need to be able to accept the plain text variant for anyone without JavaScript and so adding the encryption just makes it less secure rather than more because then there are two ways of sending the same data instead of one.
    Stephen J Chapman


  4. #4
    David.A
    Thanks for the responses. Although I agree with you, Stephen, because this is a not-so-important system with only a few users who will even know the links that are protected, I went with a slightly modified version of the above code.

  5. #5
    It is not an encryption technique. It is only hashing the elements to randomize the elements in some way.
    You can use the RSA algorithm for encrypting data.

