Username and Password

Discussion in 'Javascript' started by rhumphri@silk.net, Oct 16, 2006.

  1. Guest

    I need a javascript that will accept the username "frederic" and the
    password "ozanam" on my page "member,html" that will allow those who
    input this data to access my page "member2.html".

    I had a script that did this but when I updated the page on which it
    resided I did not keep a copy of the javascript.

    If you can help me with the script and email it to me at
    I would be very grateful.

    And of course this time I will - I promise - back up my code!!

    Thanks, Reg
     
    , Oct 16, 2006
    #1
    1. Advertising

  2. Tom Cole Guest

    wrote:
    > I need a javascript that will accept the username "frederic" and the
    > password "ozanam" on my page "member,html" that will allow those who
    > input this data to access my page "member2.html".
    >
    > I had a script that did this but when I updated the page on which it
    > resided I did not keep a copy of the javascript.
    >
    > If you can help me with the script and email it to me at
    > I would be very grateful.
    >
    > And of course this time I will - I promise - back up my code!!
    >
    > Thanks, Reg


    This is really an insecure way to go. How secure do you actually need
    this page to be? Because using javascript for this would make it
    incredibly easy to hack...
     
    Tom Cole, Oct 16, 2006
    #2
    1. Advertising

  3. Tom Cole wrote:

    > wrote:
    > > I need a javascript that will accept the username "frederic" and the
    > > password "ozanam" on my page "member,html" that will allow those who
    > > input this data to access my page "member2.html". [...]

    >
    > This is really an insecure way to go. How secure do you actually need
    > this page to be?


    Contradictory to common belief, javascript passwords can be secure; it
    all depends on the underlying algorithm. The OP's major problem is that
    he can't safely crypt the redirect to member2.html, since that is
    something the javascript itself needs to decrypt somehow.
    A safe javascript password script:

    -----------------------------------------------
    CODE START
    -----------------------------------------------

    <html>

    <head>
    <title>Crypt</title>
    <script language="javascript">

    /***************************************************************
    * *
    * JAVACRYPT: CLIENT-SIDE crypt(3) USING JAVASCRIPT *
    * *
    ***************************************************************
    * *
    * This Javascript allows you to calculate the encrypted *
    * password generated by the UNIX function crypt(3) on your *
    * computer without using an online script in PHP, PERL, *
    * shell, or any other server-side script. The only changes *
    * you need make in this are in function dP(), which is right *
    * below the end of this comment. Refer to the directions *
    * there for details. *
    * *
    * I wish I could take full credit for this script, but there *
    * are several people who deserve most of the credit *
    * *
    * First and foremost, I thank John F. Dumas for writing *
    * jcrypt.java, a Java-based implementation of crypt(3) and *
    * from which this Javascript is heavily based (actually, I *
    * just did a direct port from his code, using Sun's tutorial *
    * and my knowledge of Javascript). I additionally thank *
    * Eric Young for writing the C code off which Dumas based *
    * his script. Finally, thanks goes to the original writers *
    * of crypt(3), whoever they are. *
    * *
    * If you have questions, I suggest you ask John Dumas about *
    * them, as I have no real idea what any of this code does. *
    * Base the questions off his source code, as Javascript and *
    * Java are (in basic operators) nearly identical. *
    * *
    * jcrypt.java source code can be found at: *
    * http://locutus.kingwoodcable.com/jfd/crypt.html *
    * *
    ***************************************************************/

    function dP(){
    salt = (document.CRYPT.PW.value).substring(0,2);
    pw_salt=this.crypt(salt,document.CRYPT.PW.value);

    document.CRYPT.ENC_PW.value=pw_salt[0];
    document.CRYPT.Salt.value=pw_salt[1];

    if (pw_salt[0] == 'H4bBU6qFGRa6w'){
    alert('good password') }
    else {
    alert('bad password') }
    return false;
    }

    function bTU(b){
    value=Math.floor(b);
    return (value>=0?value:value+256);
    }
    function fBTI(b,offset){
    value=this.byteToUnsigned(b[offset++]);
    value|=(this.byteToUnsigned(b[offset++])<<8);
    value|=(this.byteToUnsigned(b[offset++])<<16);
    value|=(this.byteToUnsigned(b[offset++])<<24);
    return value;
    }
    function iTFB(iValue,b,offset){
    b[offset++]=((iValue)&0xff);
    b[offset++]=((iValue>>>8)&0xff);
    b[offset++]=((iValue>>>16)&0xff);
    b[offset++]=((iValue>>>24)&0xff);
    }
    function P_P(a,b,n,m,results){
    t=((a>>>n)^b)&m;
    a^=t<<n;
    b^=t;
    results[0]=a;
    results[1]=b;
    }
    function H_P(a,n,m){
    t=((a<<(16-n))^a)&m;
    a=a^t^(t>>>(16-n));
    return a;
    }
    function d_s_k(key){
    schedule=new Array(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
    c=this.fourBytesToInt(key,0);
    d=this.fourBytesToInt(key,4);
    results=new Array(0,0);
    this.PERM_OP(d,c,4,0x0f0f0f0f,results);
    d=results[0];c=results[1];
    c=this.HPERM_OP(c,-2,0xcccc0000);
    d=this.HPERM_OP(d,-2,0xcccc0000);
    this.PERM_OP(d,c,1,0x55555555,results);
    d=results[0];c=results[1];
    this.PERM_OP(c,d,8,0x00ff00ff,results);
    c=results[0];d=results[1];
    this.PERM_OP(d,c,1,0x55555555,results);
    d=results[0];c=results[1];
    d=(((d&0x000000ff)<<16)|(d&0x0000ff00)|
    ((d&0x00ff0000)>>>16)|((c&0xf0000000)>>>4));
    c&=0x0fffffff;
    s=0;t=0;
    j=0;
    for(i=0;i<this.ITERATIONS;i++){
    if(this.shifts2){
    c=(c>>>2)|(c<<26);
    d=(d>>>2)|(d<<26);
    }else{
    c=(c>>>1)|(c<<27);
    d=(d>>>1)|(d<<27);
    }
    c&=0x0fffffff;
    d&=0x0fffffff;
    s=this.skb[0][c&0x3f]|this.skb[1][((c>>>6)&0x03)|
    ((c>>>7)&0x3c)]|this.skb[2][((c>>>13)&0x0f)|((c>>>14)&0x30)]|
    this.skb[3][((c>>>20)&0x01)|((c>>>21)&0x06)|((c>>>22)&0x38)];
    t=this.skb[4][d&0x3f]|this.skb[5][((d>>>7)&0x03)|
    ((d>>>8)&0x3c)]|this.skb[6][(d>>>15)&0x3f]|
    this.skb[7][((d>>>21)&0x0f)|((d>>>22)&0x30)];
    schedule[j++]=((t<< 16)|(s&0x0000ffff))&0xffffffff;
    s=((s>>>16)|(t&0xffff0000));
    s=(s<<4)|(s>>>28);
    schedule[j++]=s&0xffffffff;
    }
    return schedule;
    }
    function D_E(L,R,S,E0,E1,s){
    v=R^(R>>>16);
    u=v&E0;
    v=v&E1;
    u=(u^(u<<16))^R^s;
    t=(v^(v<<16))^R^s[S+1];
    t=(t>>>4)|(t<<28);
    L^=this.SPtrans[1][t&0x3f]|this.SPtrans[3][(t>>>8)&0x3f]|
    this.SPtrans[5][(t>>>16)&0x3f]|this.SPtrans[7][(t>>>24)&0x3f]|
    this.SPtrans[0][u&0x3f]|this.SPtrans[2][(u>>>8)&0x3f]|
    this.SPtrans[4][(u>>>16)&0x3f]|this.SPtrans[6][(u>>>24)&0x3f];
    return L;
    }
    function bdy(schedule,Eswap0,Eswap1) {
    left=0;
    right=0;
    t=0;
    for(j=0;j<25;j++){
    for(i=0;i<this.ITERATIONS*2;i+=4){
    left=this.D_ENCRYPT(left, right,i,Eswap0,Eswap1,schedule);
    right=this.D_ENCRYPT(right,left,i+2,Eswap0,Eswap1,schedule);
    }
    t=left;
    left=right;
    right=t;
    }
    t=right;
    right=(left>>>1)|(left<<31);
    left=(t>>>1)|(t<<31);
    left&=0xffffffff;
    right&=0xffffffff;
    results=new Array(0,0);
    this.PERM_OP(right,left,1,0x55555555,results);
    right=results[0];left=results[1];
    this.PERM_OP(left,right,8,0x00ff00ff,results);
    left=results[0];right=results[1];
    this.PERM_OP(right,left,2,0x33333333,results);
    right=results[0];left=results[1];
    this.PERM_OP(left,right,16,0x0000ffff,results);
    left=results[0];right=results[1];
    this.PERM_OP(right,left,4,0x0f0f0f0f,results);
    right=results[0];left=results[1];
    out=new Array(0,0);
    out[0]=left;out[1]=right;
    return out;
    }
    function rC(){return this.GOODCHARS[Math.floor(64*Math.random())]}
    function cript(salt,original){
    if(salt.length>=2) salt=salt.substring(0,2);
    while(salt.length<2) salt+=this.randChar();
    re=new RegExp("[^./a-zA-Z0-9]","g");
    if(re.test(salt)) salt=this.randChar()+this.randChar();
    charZero=salt.charAt(0)+'';
    charOne=salt.charAt(1)+'';
    ccZ=charZero.charCodeAt(0);
    ccO=charOne.charCodeAt(0);
    buffer=charZero+charOne+" ";
    Eswap0=this.con_salt[ccZ];
    Eswap1=this.con_salt[ccO]<<4;
    key=new Array(0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0);
    for(i=0;i<key.length&&i<original.length;i++){
    iChar=original.charCodeAt(i);
    key=iChar<<1;
    }
    schedule=this.des_set_key(key);
    out=this.body(schedule,Eswap0,Eswap1);
    b=new Array(0,0,0,0,0,0,0,0,0);
    this.intToFourBytes(out[0],b,0);
    this.intToFourBytes(out[1],b,4);
    b[8]=0;
    for(i=2,y=0,u=0x80;i<13;i++){
    for(j=0,c=0;j<6;j++){
    c<<=1;
    if((b[y]&u)!=0) c|=1;
    u>>>=1;
    if(u==0){
    y++;
    u=0x80;
    }
    buffer=buffer.substring(0,i)
    +String.fromCharCode(this.cov_2char[c])
    +buffer.substring(i+1,buffer.length);
    }
    }
    ret=new Array(buffer,salt);
    return ret;
    }

    function Crypt() {
    this.ITERATIONS=16;
    this.GOODCHARS=new Array(
    ".","/","0","1","2","3","4","5","6","7",
    "8","9","A","B","C","D","E","F","G","H",
    "I","J","K","L","M","N","O","P","Q","R",
    "S","T","U","V","W","X","Y","Z","a","b",
    "c","d","e","f","g","h","i","j","k","l",
    "m","n","o","p","q","r","s","t","u","v",
    "w","x","y","z");
    this.con_salt=new Array(
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
    0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
    0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
    0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
    0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
    0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
    0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
    0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
    0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
    0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
    0x3D,0x3E,0x3F,0x00,0x00,0x00,0x00,0x00 );
    this.shifts2=new Array(
    false,false,true,true,true,true,true,true,
    false,true, true,true,true,true,true,false );
    this.skb=new Array(0,0,0,0,0,0,0,0);
    this.skb[0]=new Array(
    0x00000000,0x00000010,0x20000000,0x20000010,
    0x00010000,0x00010010,0x20010000,0x20010010,
    0x00000800,0x00000810,0x20000800,0x20000810,
    0x00010800,0x00010810,0x20010800,0x20010810,
    0x00000020,0x00000030,0x20000020,0x20000030,
    0x00010020,0x00010030,0x20010020,0x20010030,
    0x00000820,0x00000830,0x20000820,0x20000830,
    0x00010820,0x00010830,0x20010820,0x20010830,
    0x00080000,0x00080010,0x20080000,0x20080010,
    0x00090000,0x00090010,0x20090000,0x20090010,
    0x00080800,0x00080810,0x20080800,0x20080810,
    0x00090800,0x00090810,0x20090800,0x20090810,
    0x00080020,0x00080030,0x20080020,0x20080030,
    0x00090020,0x00090030,0x20090020,0x20090030,
    0x00080820,0x00080830,0x20080820,0x20080830,
    0x00090820,0x00090830,0x20090820,0x20090830 );
    this.skb[1]=new Array(
    0x00000000,0x02000000,0x00002000,0x02002000,
    0x00200000,0x02200000,0x00202000,0x02202000,
    0x00000004,0x02000004,0x00002004,0x02002004,
    0x00200004,0x02200004,0x00202004,0x02202004,
    0x00000400,0x02000400,0x00002400,0x02002400,
    0x00200400,0x02200400,0x00202400,0x02202400,
    0x00000404,0x02000404,0x00002404,0x02002404,
    0x00200404,0x02200404,0x00202404,0x02202404,
    0x10000000,0x12000000,0x10002000,0x12002000,
    0x10200000,0x12200000,0x10202000,0x12202000,
    0x10000004,0x12000004,0x10002004,0x12002004,
    0x10200004,0x12200004,0x10202004,0x12202004,
    0x10000400,0x12000400,0x10002400,0x12002400,
    0x10200400,0x12200400,0x10202400,0x12202400,
    0x10000404,0x12000404,0x10002404,0x12002404,
    0x10200404,0x12200404,0x10202404,0x12202404 );
    this.skb[2]=new Array(
    0x00000000,0x00000001,0x00040000,0x00040001,
    0x01000000,0x01000001,0x01040000,0x01040001,
    0x00000002,0x00000003,0x00040002,0x00040003,
    0x01000002,0x01000003,0x01040002,0x01040003,
    0x00000200,0x00000201,0x00040200,0x00040201,
    0x01000200,0x01000201,0x01040200,0x01040201,
    0x00000202,0x00000203,0x00040202,0x00040203,
    0x01000202,0x01000203,0x01040202,0x01040203,
    0x08000000,0x08000001,0x08040000,0x08040001,
    0x09000000,0x09000001,0x09040000,0x09040001,
    0x08000002,0x08000003,0x08040002,0x08040003,
    0x09000002,0x09000003,0x09040002,0x09040003,
    0x08000200,0x08000201,0x08040200,0x08040201,
    0x09000200,0x09000201,0x09040200,0x09040201,
    0x08000202,0x08000203,0x08040202,0x08040203,
    0x09000202,0x09000203,0x09040202,0x09040203 );
    this.skb[3]=new Array(
    0x00000000,0x00100000,0x00000100,0x00100100,
    0x00000008,0x00100008,0x00000108,0x00100108,
    0x00001000,0x00101000,0x00001100,0x00101100,
    0x00001008,0x00101008,0x00001108,0x00101108,
    0x04000000,0x04100000,0x04000100,0x04100100,
    0x04000008,0x04100008,0x04000108,0x04100108,
    0x04001000,0x04101000,0x04001100,0x04101100,
    0x04001008,0x04101008,0x04001108,0x04101108,
    0x00020000,0x00120000,0x00020100,0x00120100,
    0x00020008,0x00120008,0x00020108,0x00120108,
    0x00021000,0x00121000,0x00021100,0x00121100,
    0x00021008,0x00121008,0x00021108,0x00121108,
    0x04020000,0x04120000,0x04020100,0x04120100,
    0x04020008,0x04120008,0x04020108,0x04120108,
    0x04021000,0x04121000,0x04021100,0x04121100,
    0x04021008,0x04121008,0x04021108,0x04121108 );
    this.skb[4]=new Array(
    0x00000000,0x10000000,0x00010000,0x10010000,
    0x00000004,0x10000004,0x00010004,0x10010004,
    0x20000000,0x30000000,0x20010000,0x30010000,
    0x20000004,0x30000004,0x20010004,0x30010004,
    0x00100000,0x10100000,0x00110000,0x10110000,
    0x00100004,0x10100004,0x00110004,0x10110004,
    0x20100000,0x30100000,0x20110000,0x30110000,
    0x20100004,0x30100004,0x20110004,0x30110004,
    0x00001000,0x10001000,0x00011000,0x10011000,
    0x00001004,0x10001004,0x00011004,0x10011004,
    0x20001000,0x30001000,0x20011000,0x30011000,
    0x20001004,0x30001004,0x20011004,0x30011004,
    0x00101000,0x10101000,0x00111000,0x10111000,
    0x00101004,0x10101004,0x00111004,0x10111004,
    0x20101000,0x30101000,0x20111000,0x30111000,
    0x20101004,0x30101004,0x20111004,0x30111004 );
    this.skb[5]=new Array(
    0x00000000,0x08000000,0x00000008,0x08000008,
    0x00000400,0x08000400,0x00000408,0x08000408,
    0x00020000,0x08020000,0x00020008,0x08020008,
    0x00020400,0x08020400,0x00020408,0x08020408,
    0x00000001,0x08000001,0x00000009,0x08000009,
    0x00000401,0x08000401,0x00000409,0x08000409,
    0x00020001,0x08020001,0x00020009,0x08020009,
    0x00020401,0x08020401,0x00020409,0x08020409,
    0x02000000,0x0A000000,0x02000008,0x0A000008,
    0x02000400,0x0A000400,0x02000408,0x0A000408,
    0x02020000,0x0A020000,0x02020008,0x0A020008,
    0x02020400,0x0A020400,0x02020408,0x0A020408,
    0x02000001,0x0A000001,0x02000009,0x0A000009,
    0x02000401,0x0A000401,0x02000409,0x0A000409,
    0x02020001,0x0A020001,0x02020009,0x0A020009,
    0x02020401,0x0A020401,0x02020409,0x0A020409 );
    this.skb[6]=new Array(
    0x00000000,0x00000100,0x00080000,0x00080100,
    0x01000000,0x01000100,0x01080000,0x01080100,
    0x00000010,0x00000110,0x00080010,0x00080110,
    0x01000010,0x01000110,0x01080010,0x01080110,
    0x00200000,0x00200100,0x00280000,0x00280100,
    0x01200000,0x01200100,0x01280000,0x01280100,
    0x00200010,0x00200110,0x00280010,0x00280110,
    0x01200010,0x01200110,0x01280010,0x01280110,
    0x00000200,0x00000300,0x00080200,0x00080300,
    0x01000200,0x01000300,0x01080200,0x01080300,
    0x00000210,0x00000310,0x00080210,0x00080310,
    0x01000210,0x01000310,0x01080210,0x01080310,
    0x00200200,0x00200300,0x00280200,0x00280300,
    0x01200200,0x01200300,0x01280200,0x01280300,
    0x00200210,0x00200310,0x00280210,0x00280310,
    0x01200210,0x01200310,0x01280210,0x01280310 );
    this.skb[7]=new Array(
    0x00000000,0x04000000,0x00040000,0x04040000,
    0x00000002,0x04000002,0x00040002,0x04040002,
    0x00002000,0x04002000,0x00042000,0x04042000,
    0x00002002,0x04002002,0x00042002,0x04042002,
    0x00000020,0x04000020,0x00040020,0x04040020,
    0x00000022,0x04000022,0x00040022,0x04040022,
    0x00002020,0x04002020,0x00042020,0x04042020,
    0x00002022,0x04002022,0x00042022,0x04042022,
    0x00000800,0x04000800,0x00040800,0x04040800,
    0x00000802,0x04000802,0x00040802,0x04040802,
    0x00002800,0x04002800,0x00042800,0x04042800,
    0x00002802,0x04002802,0x00042802,0x04042802,
    0x00000820,0x04000820,0x00040820,0x04040820,
    0x00000822,0x04000822,0x00040822,0x04040822,
    0x00002820,0x04002820,0x00042820,0x04042820,
    0x00002822,0x04002822,0x00042822,0x04042822 );
    this.SPtrans=new Array(0,0,0,0,0,0,0,0);
    this.SPtrans[0]=new Array(
    0x00820200,0x00020000,0x80800000,0x80820200,
    0x00800000,0x80020200,0x80020000,0x80800000,
    0x80020200,0x00820200,0x00820000,0x80000200,
    0x80800200,0x00800000,0x00000000,0x80020000,
    0x00020000,0x80000000,0x00800200,0x00020200,
    0x80820200,0x00820000,0x80000200,0x00800200,
    0x80000000,0x00000200,0x00020200,0x80820000,
    0x00000200,0x80800200,0x80820000,0x00000000,
    0x00000000,0x80820200,0x00800200,0x80020000,
    0x00820200,0x00020000,0x80000200,0x00800200,
    0x80820000,0x00000200,0x00020200,0x80800000,
    0x80020200,0x80000000,0x80800000,0x00820000,
    0x80820200,0x00020200,0x00820000,0x80800200,
    0x00800000,0x80000200,0x80020000,0x00000000,
    0x00020000,0x00800000,0x80800200,0x00820200,
    0x80000000,0x80820000,0x00000200,0x80020200 );
    this.SPtrans[1]=new Array(
    0x10042004,0x00000000,0x00042000,0x10040000,
    0x10000004,0x00002004,0x10002000,0x00042000,
    0x00002000,0x10040004,0x00000004,0x10002000,
    0x00040004,0x10042000,0x10040000,0x00000004,
    0x00040000,0x10002004,0x10040004,0x00002000,
    0x00042004,0x10000000,0x00000000,0x00040004,
    0x10002004,0x00042004,0x10042000,0x10000004,
    0x10000000,0x00040000,0x00002004,0x10042004,
    0x00040004,0x10042000,0x10002000,0x00042004,
    0x10042004,0x00040004,0x10000004,0x00000000,
    0x10000000,0x00002004,0x00040000,0x10040004,
    0x00002000,0x10000000,0x00042004,0x10002004,
    0x10042000,0x00002000,0x00000000,0x10000004,
    0x00000004,0x10042004,0x00042000,0x10040000,
    0x10040004,0x00040000,0x00002004,0x10002000,
    0x10002004,0x00000004,0x10040000,0x00042000 );
    this.SPtrans[2]=new Array(
    0x41000000,0x01010040,0x00000040,0x41000040,
    0x40010000,0x01000000,0x41000040,0x00010040,
    0x01000040,0x00010000,0x01010000,0x40000000,
    0x41010040,0x40000040,0x40000000,0x41010000,
    0x00000000,0x40010000,0x01010040,0x00000040,
    0x40000040,0x41010040,0x00010000,0x41000000,
    0x41010000,0x01000040,0x40010040,0x01010000,
    0x00010040,0x00000000,0x01000000,0x40010040,
    0x01010040,0x00000040,0x40000000,0x00010000,
    0x40000040,0x40010000,0x01010000,0x41000040,
    0x00000000,0x01010040,0x00010040,0x41010000,
    0x40010000,0x01000000,0x41010040,0x40000000,
    0x40010040,0x41000000,0x01000000,0x41010040,
    0x00010000,0x01000040,0x41000040,0x00010040,
    0x01000040,0x00000000,0x41010000,0x40000040,
    0x41000000,0x40010040,0x00000040,0x01010000 );
    this.SPtrans[3]=new Array(
    0x00100402,0x04000400,0x00000002,0x04100402,
    0x00000000,0x04100000,0x04000402,0x00100002,
    0x04100400,0x04000002,0x04000000,0x00000402,
    0x04000002,0x00100402,0x00100000,0x04000000,
    0x04100002,0x00100400,0x00000400,0x00000002,
    0x00100400,0x04000402,0x04100000,0x00000400,
    0x00000402,0x00000000,0x00100002,0x04100400,
    0x04000400,0x04100002,0x04100402,0x00100000,
    0x04100002,0x00000402,0x00100000,0x04000002,
    0x00100400,0x04000400,0x00000002,0x04100000,
    0x04000402,0x00000000,0x00000400,0x00100002,
    0x00000000,0x04100002,0x04100400,0x00000400,
    0x04000000,0x04100402,0x00100402,0x00100000,
    0x04100402,0x00000002,0x04000400,0x00100402,
    0x00100002,0x00100400,0x04100000,0x04000402,
    0x00000402,0x04000000,0x04000002,0x04100400 );
    this.SPtrans[4]=new Array(
    0x02000000,0x00004000,0x00000100,0x02004108,
    0x02004008,0x02000100,0x00004108,0x02004000,
    0x00004000,0x00000008,0x02000008,0x00004100,
    0x02000108,0x02004008,0x02004100,0x00000000,
    0x00004100,0x02000000,0x00004008,0x00000108,
    0x02000100,0x00004108,0x00000000,0x02000008,
    0x00000008,0x02000108,0x02004108,0x00004008,
    0x02004000,0x00000100,0x00000108,0x02004100,
    0x02004100,0x02000108,0x00004008,0x02004000,
    0x00004000,0x00000008,0x02000008,0x02000100,
    0x02000000,0x00004100,0x02004108,0x00000000,
    0x00004108,0x02000000,0x00000100,0x00004008,
    0x02000108,0x00000100,0x00000000,0x02004108,
    0x02004008,0x02004100,0x00000108,0x00004000,
    0x00004100,0x02004008,0x02000100,0x00000108,
    0x00000008,0x00004108,0x02004000,0x02000008 );

    this.SPtrans[5]=new Array(
    0x20000010,0x00080010,0x00000000,0x20080800,
    0x00080010,0x00000800,0x20000810,0x00080000,
    0x00000810,0x20080810,0x00080800,0x20000000,
    0x20000800,0x20000010,0x20080000,0x00080810,
    0x00080000,0x20000810,0x20080010,0x00000000,
    0x00000800,0x00000010,0x20080800,0x20080010,
    0x20080810,0x20080000,0x20000000,0x00000810,
    0x00000010,0x00080800,0x00080810,0x20000800,
    0x00000810,0x20000000,0x20000800,0x00080810,
    0x20080800,0x00080010,0x00000000,0x20000800,
    0x20000000,0x00000800,0x20080010,0x00080000,
    0x00080010,0x20080810,0x00080800,0x00000010,
    0x20080810,0x00080800,0x00080000,0x20000810,
    0x20000010,0x20080000,0x00080810,0x00000000,
    0x00000800,0x20000010,0x20000810,0x20080800,
    0x20080000,0x00000810,0x00000010,0x20080010 );
    this.SPtrans[6]=new Array(
    0x00001000,0x00000080,0x00400080,0x00400001,
    0x00401081,0x00001001,0x00001080,0x00000000,
    0x00400000,0x00400081,0x00000081,0x00401000,
    0x00000001,0x00401080,0x00401000,0x00000081,
    0x00400081,0x00001000,0x00001001,0x00401081,
    0x00000000,0x00400080,0x00400001,0x00001080,
    0x00401001,0x00001081,0x00401080,0x00000001,
    0x00001081,0x00401001,0x00000080,0x00400000,
    0x00001081,0x00401000,0x00401001,0x00000081,
    0x00001000,0x00000080,0x00400000,0x00401001,
    0x00400081,0x00001081,0x00001080,0x00000000,
    0x00000080,0x00400001,0x00000001,0x00400080,
    0x00000000,0x00400081,0x00400080,0x00001080,
    0x00000081,0x00001000,0x00401081,0x00400000,
    0x00401080,0x00000001,0x00001001,0x00401081,
    0x00400001,0x00401080,0x00401000,0x00001001 );
    this.SPtrans[7]=new Array(
    0x08200020,0x08208000,0x00008020,0x00000000,
    0x08008000,0x00200020,0x08200000,0x08208020,
    0x00000020,0x08000000,0x00208000,0x00008020,
    0x00208020,0x08008020,0x08000020,0x08200000,
    0x00008000,0x00208020,0x00200020,0x08008000,
    0x08208020,0x08000020,0x00000000,0x00208000,
    0x08000000,0x00200000,0x08008020,0x08200020,
    0x00200000,0x00008000,0x08208000,0x00000020,
    0x00200000,0x00008000,0x08000020,0x08208020,
    0x00008020,0x08000000,0x00000000,0x00208000,
    0x08200020,0x08008020,0x08008000,0x00200020,
    0x08208000,0x00000020,0x00200020,0x08008000,
    0x08208020,0x00200000,0x08200000,0x08000020,
    0x00208000,0x00008020,0x08008020,0x08200000,
    0x00000020,0x08208000,0x00208020,0x00000000,
    0x08000000,0x08200020,0x00008000,0x00208020 );
    this.cov_2char=new Array(
    0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
    0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
    0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
    0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
    0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
    0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
    0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
    0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A );
    this.byteToUnsigned=bTU;
    this.fourBytesToInt=fBTI;
    this.intToFourBytes=iTFB;
    this.PERM_OP=P_P;
    this.HPERM_OP=H_P;
    this.des_set_key=d_s_k;
    this.D_ENCRYPT=D_E;
    this.body=bdy;
    this.randChar=rC;
    this.crypt=cript;
    this.displayPassword=dP;
    }
    Javacrypt=new Crypt();
    </script>
    </head>

    <body>

    <form name="CRYPT" onSubmit="return false();">
    <input type="hidden" name="ENC_PW">
    <input type="hidden" name="Salt">
    <input type="text" name="PW" maxlength="8">
    <input type="button" value="Check"
    onClick="Javacrypt.displayPassword()">
    </form>

    </body>
    </html>

    -----------------------------------------------
    CODE END
    -----------------------------------------------

    > Because using javascript for this would make it incredibly easy to hack...


    Feel free to hack the code above then :) The password is 'H4LMh2Zs'.

    --
    Bart
     
    Bart Van der Donck, Oct 16, 2006
    #3
  4. Bart Van der Donck wrote:

    > Tom Cole wrote:
    >
    > > wrote:
    > > > I need a javascript that will accept the username "frederic" and the
    > > > password "ozanam" on my page "member,html" that will allow those who
    > > > input this data to access my page "member2.html". [...]

    > >
    > > This is really an insecure way to go. How secure do you actually need
    > > this page to be?

    >
    > Contradictory to common belief, javascript passwords can be secure; it
    > all depends on the underlying algorithm. The OP's major problem is that
    > he can't safely crypt the redirect to member2.html, since that is
    > something the javascript itself needs to decrypt somehow.


    Unless when the redirect would be based on that plaintext password.
    E.g. if the password were gHj4NbLu, then redirect to gHj4NbLu.html
    after the authentication succeeded. Make sure to turn off directory
    browsing.

    --
    Bart
     
    Bart Van der Donck, Oct 16, 2006
    #4
  5. J R Stockton Guest

    In message <>, Mon,
    16 Oct 2006 08:32:19, Bart Van der Donck <> writes

    >Contradictory to common belief, javascript passwords can be secure; it
    >all depends on the underlying algorithm. The OP's major problem is that
    >he can't safely crypt the redirect to member2.html, since that is
    >something the javascript itself needs to decrypt somehow.
    >A safe javascript password script:



    ><script language="javascript">


    Deprecated. <script type="text/javascript">

    >
    >/***************************************************************
    > * *
    > * JAVACRYPT: CLIENT-SIDE crypt(3) USING JAVASCRIPT *
    > * *
    > ***************************************************************
    > * *
    > * This Javascript allows you to calculate the encrypted *
    > * password generated by the UNIX function crypt(3) on your *
    > * computer without using an online script in PHP, PERL, *
    > * shell, or any other server-side script. The only changes *
    > * you need make in this are in function dP(), which is right *
    > * below the end of this comment. Refer to the directions *
    > * there for details. *
    > * *
    > * I wish I could take full credit for this script, but there *


    Undefined variable "I" - value is clear in News, but not in the code
    itself! I'd put personal name, with E-mail or WWW link, and ISO date.


    > * jcrypt.java source code can be found at: *
    > * http://locutus.kingwoodcable.com/jfd/crypt.html *


    Will you have a URL for the javascript code?

    I have a cruder - but much shorter - one-way function demonstrated at
    <URL:http://www.merlyn.demon.co.uk/js-other.htm#Pwdg>. It may not be
    crypto-secure; but I think it's not easily reversible.

    function OneWay(S) { var j, x, y = 2e50
    x = '0.'+parseInt(S.value, 36)
    with (Math) { for (j=0;j<10;j++) x = tan(1+x+x*y%1)%1 }
    return ((x+1)/2).toString(36).substring(2) }
    --
    © John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 IE 6 ©
    <URL:http://www.jibbering.com/faq/>? JL/RC: FAQ of news:comp.lang.javascript
    <URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
    <URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
     
    J R Stockton, Oct 20, 2006
    #5
  6. J R Stockton wrote:

    > In message <>, Mon,
    > 16 Oct 2006 08:32:19, Bart Van der Donck <> writes
    >
    > >/***************************************************************
    > > * *
    > > * JAVACRYPT: CLIENT-SIDE crypt(3) USING JAVASCRIPT *
    > > * *
    > > ***************************************************************
    > > * *
    > > * This Javascript allows you to calculate the encrypted *
    > > * password generated by the UNIX function crypt(3) on your *
    > > * computer without using an online script in PHP, PERL, *
    > > * shell, or any other server-side script. The only changes *
    > > * you need make in this are in function dP(), which is right *
    > > * below the end of this comment. Refer to the directions *
    > > * there for details. *
    > > * *
    > > * I wish I could take full credit for this script, but there *

    >
    > Undefined variable "I" - value is clear in News, but not in the code
    > itself! I'd put personal name, with E-mail or WWW link, and ISO date.


    Oh, it is certainly not my code. I just pasted the full code as it was.
    Google reveals that the js porter is Jeff Walden:
    http://whereswalden.com/tech/internet/javacrypt/
    http://javascript.internet.com/passwords/unix-crypt(3)-encryption.html
    http://whereswalden.com/files/misc/js/javacrypt.js (orig.)

    Hack it and win the Nobel-prize :)
    http://www.google.com/search?q=CRYPT(3)

    > I have a cruder - but much shorter - one-way function demonstrated at
    > <URL:http://www.merlyn.demon.co.uk/js-other.htm#Pwdg>. It may not be
    > crypto-secure; but I think it's not easily reversible.
    >
    > function OneWay(S) { var j, x, y = 2e50
    > x = '0.'+parseInt(S.value, 36)
    > with (Math) { for (j=0;j<10;j++) x = tan(1+x+x*y%1)%1 }
    > return ((x+1)/2).toString(36).substring(2) }


    It must be +10 years ago that I last worked with goniometric functions,
    but it really smells like this algorithm should be breakable.

    A more readable/analyzed version of your encryption:

    ORIGINAL | REVERSE
    ------------------------------- | -------------
    |
    x = '0.'+parseInt(S.value, 36) | (*)
    |
    for (j=0; j<10; j++) |
    { |
    x = 1 + x | obvious
    x = Math.tan(x) | x = Math.atan(x)
    x=x%1 | (**)
    } |
    |
    x = x + 1 | obvious
    x = x / 2 | obvious
    x = x.toString(36); | (*)
    x = x.substring(2); | add '0.' in beginning
    |
    return x |

    (*) alert(parseInt('fgthejdi',36))
    alert((1212073729686).toString(36))

    (**) modulus arithmetic operator %1 makes the variable
    start with '0.' e.g. 16.454 becomes 0.454, 13.271
    becomes 0.271, 88.250234 becomes 0.250234, etc.

    --
    Bart
     
    Bart Van der Donck, Oct 21, 2006
    #6
  7. J R Stockton Guest

    In message <>, Sat,
    21 Oct 2006 02:01:22, Bart Van der Donck <> writes
    >J R Stockton wrote:


    >> I have a cruder - but much shorter - one-way function demonstrated at
    >> <URL:http://www.merlyn.demon.co.uk/js-other.htm#Pwdg>. It may not be
    >> crypto-secure; but I think it's not easily reversible.
    >>
    >> function OneWay(S) { var j, x, y = 2e50
    >> x = '0.'+parseInt(S.value, 36)
    >> with (Math) { for (j=0;j<10;j++) x = tan(1+x+x*y%1)%1 }
    >> return ((x+1)/2).toString(36).substring(2) }

    >
    >It must be +10 years ago that I last worked with goniometric functions,
    >but it really smells like this algorithm should be breakable.


    I doubt whether many people could break it. If the loop count is too
    big, there may be too few possible results. But the formula will deter
    most people from trying to deduce an input that gives a known output.

    Decode "nokxozg2wira" !!

    --
    © John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 IE 6 ©
    <URL:http://www.jibbering.com/faq/>? JL/RC: FAQ of news:comp.lang.javascript
    <URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
    <URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
     
    J R Stockton, Oct 21, 2006
    #7
  8. J R Stockton wrote:

    > In message <>, Sat,
    > 21 Oct 2006 02:01:22, Bart Van der Donck <> writes
    > >It must be +10 years ago that I last worked with goniometric functions,
    > >but it really smells like this algorithm should be breakable.

    >
    > I doubt whether many people could break it. If the loop count is too
    > big, there may be too few possible results. But the formula will deter
    > most people from trying to deduce an input that gives a known output.
    >
    > Decode "nokxozg2wira" !!


    The problem is not the decryption itself. That part can be done (see
    2nd URL below), though I seriously doubt it can be done in javascript.
    The problem is to find a tangent calculation with extremely high
    precision, or, alternatively, to finetune the decrypted result in some
    other way.

    Description in mathematical terms:
    http://groups.google.com/group/sci.math/browse_frm/thread/2b7a2fd0737ffb28/

    Technical/logical description + decrypt function:
    http://groups.google.com/group/comp.lang.perl.misc/browse_frm/thread/26a5c15d66d1f596/

    Q.E.D. ?

    --
    Bart
     
    Bart Van der Donck, Oct 23, 2006
    #8
  9. In message <>, Mon,
    23 Oct 2006 00:18:27, Bart Van der Donck <> writes
    >J R Stockton wrote:


    >> I doubt whether many people could break it. If the loop count is too
    >> big, there may be too few possible results. But the formula will deter
    >> most people from trying to deduce an input that gives a known output.
    >>
    >> Decode "nokxozg2wira" !!

    >
    >The problem is not the decryption itself. That part can be done (see
    >2nd URL below), though I seriously doubt it can be done in javascript.
    >The problem is to find a tangent calculation with extremely high
    >precision, or, alternatively, to finetune the decrypted result in some
    >other way.
    >
    >Description in mathematical terms:
    >http://groups.google.com/group/sci.math/browse_frm/thread/2b7a2fd0737ffb28/
    >
    >Technical/logical description + decrypt function:
    >http://groups.google.com/group/comp.lang.perl.misc/browse_frm/thread/26
    >a5c15d66d1f596/
    >
    >Q.E.D. ?


    No.

    The function you have been asking about elsewhere is not the function
    that I gave - you have omitted the use of y = 2e50. Now I don't recall
    exactly why I put it in; but I did so because it looked beneficial, on
    test.

    Someone there is right to say that arguments to Math.tan giving infinite
    results should be avoided; it already avoids the near-linear region
    where tan(arg) == 0, and it will be easy enough to ensure that the
    argument is always in the "safe non-linear" region between about pi/8 &
    3pi/8 (by incorporating 0.25+Q%1).

    For secure work, use a well-understood one-way function, even if it is
    long. For ordinary work, use something short and frightening.

    --
    (c) John Stockton, Surrey, UK. ?@merlyn.demon.co.uk Turnpike v6.05 IE 6
    <URL:http://www.jibbering.com/faq/>? JL/RC: FAQ of news:comp.lang.javascript
    <URL:http://www.merlyn.demon.co.uk/js-index.htm> jscr maths, dates, sources.
    <URL:http://www.merlyn.demon.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
     
    Dr J R Stockton, Oct 23, 2006
    #9
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Arjen
    Replies:
    2
    Views:
    4,270
    Joe Fallon
    Apr 18, 2004
  2. Joeri KUMBRUCK
    Replies:
    1
    Views:
    4,571
    Ben Lovell
    Aug 30, 2004
  3. AAaron123
    Replies:
    2
    Views:
    2,377
    AAaron123
    Jan 16, 2009
  4. AAaron123
    Replies:
    1
    Views:
    1,427
    Oriane
    Jan 16, 2009
  5. Shailesh Patel
    Replies:
    0
    Views:
    494
    Shailesh Patel
    Nov 8, 2006
Loading...

Share This Page