Username and Password

[rhumphri]

I need a javascript that will accept the username "frederic" and the
password "ozanam" on my page "member,html" that will allow those who
input this data to access my page "member2.html".

I had a script that did this but when I updated the page on which it
resided I did not keep a copy of the javascript.

If you can help me with the script and email it to me at
(e-mail address removed) I would be very grateful.

And of course this time I will - I promise - back up my code!!

Thanks, Reg

 

[Tom Cole]

I need a javascript that will accept the username "frederic" and the
password "ozanam" on my page "member,html" that will allow those who
input this data to access my page "member2.html".

I had a script that did this but when I updated the page on which it
resided I did not keep a copy of the javascript.

If you can help me with the script and email it to me at
(e-mail address removed) I would be very grateful.

And of course this time I will - I promise - back up my code!!

Thanks, Reg

This is really an insecure way to go. How secure do you actually need
this page to be? Because using javascript for this would make it
incredibly easy to hack...

 

[Bart Van der Donck]

I need a javascript that will accept the username "frederic" and the
password "ozanam" on my page "member,html" that will allow those who
input this data to access my page "member2.html". [...]

This is really an insecure way to go. How secure do you actually need
this page to be?

Contradictory to common belief, javascript passwords can be secure; it
all depends on the underlying algorithm. The OP's major problem is that
he can't safely crypt the redirect to member2.html, since that is
something the javascript itself needs to decrypt somehow.
A safe javascript password script:

-----------------------------------------------
CODE START
-----------------------------------------------

<html>

<head>
<title>Crypt</title>
<script language="javascript">

/***************************************************************
* *
* JAVACRYPT: CLIENT-SIDE crypt(3) USING JAVASCRIPT *
* *
***************************************************************
* *
* This Javascript allows you to calculate the encrypted *
* password generated by the UNIX function crypt(3) on your *
* computer without using an online script in PHP, PERL, *
* shell, or any other server-side script. The only changes *
* you need make in this are in function dP(), which is right *
* below the end of this comment. Refer to the directions *
* there for details. *
* *
* I wish I could take full credit for this script, but there *
* are several people who deserve most of the credit *
* *
* First and foremost, I thank John F. Dumas for writing *
* jcrypt.java, a Java-based implementation of crypt(3) and *
* from which this Javascript is heavily based (actually, I *
* just did a direct port from his code, using Sun's tutorial *
* and my knowledge of Javascript). I additionally thank *
* Eric Young for writing the C code off which Dumas based *
* his script. Finally, thanks goes to the original writers *
* of crypt(3), whoever they are. *
* *
* If you have questions, I suggest you ask John Dumas about *
* them, as I have no real idea what any of this code does. *
* Base the questions off his source code, as Javascript and *
* Java are (in basic operators) nearly identical. *
* *
* jcrypt.java source code can be found at: *
* http://locutus.kingwoodcable.com/jfd/crypt.html *
* *
***************************************************************/

function dP(){
salt = (document.CRYPT.PW.value).substring(0,2);
pw_salt=this.crypt(salt,document.CRYPT.PW.value);

document.CRYPT.ENC_PW.value=pw_salt[0];
document.CRYPT.Salt.value=pw_salt[1];

if (pw_salt[0] == 'H4bBU6qFGRa6w'){
alert('good password') }
else {
alert('bad password') }
return false;
}

function bTU(b){
value=Math.floor(b);
return (value>=0?value:value+256);
}
function fBTI(b,offset){
value=this.byteToUnsigned(b[offset++]);
value|=(this.byteToUnsigned(b[offset++])<<8);
value|=(this.byteToUnsigned(b[offset++])<<16);
value|=(this.byteToUnsigned(b[offset++])<<24);
return value;
}
function iTFB(iValue,b,offset){
b[offset++]=((iValue)&0xff);
b[offset++]=((iValue>>>8)&0xff);
b[offset++]=((iValue>>>16)&0xff);
b[offset++]=((iValue>>>24)&0xff);
}
function P_P(a,b,n,m,results){
t=((a>>>n)^b)&m;
a^=t<<n;
b^=t;
results[0]=a;
results[1]=b;
}
function H_P(a,n,m){
t=((a<<(16-n))^a)&m;
a=a^t^(t>>>(16-n));
return a;
}
function d_s_k(key){
schedule=new Array(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0);
c=this.fourBytesToInt(key,0);
d=this.fourBytesToInt(key,4);
results=new Array(0,0);
this.PERM_OP(d,c,4,0x0f0f0f0f,results);
d=results[0];c=results[1];
c=this.HPERM_OP(c,-2,0xcccc0000);
d=this.HPERM_OP(d,-2,0xcccc0000);
this.PERM_OP(d,c,1,0x55555555,results);
d=results[0];c=results[1];
this.PERM_OP(c,d,8,0x00ff00ff,results);
c=results[0];d=results[1];
this.PERM_OP(d,c,1,0x55555555,results);
d=results[0];c=results[1];
d=(((d&0x000000ff)<<16)|(d&0x0000ff00)|
((d&0x00ff0000)>>>16)|((c&0xf0000000)>>>4));
c&=0x0fffffff;
s=0;t=0;
j=0;
for(i=0;i<this.ITERATIONS;i++){
if(this.shifts2){
c=(c>>>2)|(c<<26);
d=(d>>>2)|(d<<26);
}else{
c=(c>>>1)|(c<<27);
d=(d>>>1)|(d<<27);
}
c&=0x0fffffff;
d&=0x0fffffff;
s=this.skb[0][c&0x3f]|this.skb[1][((c>>>6)&0x03)|
((c>>>7)&0x3c)]|this.skb[2][((c>>>13)&0x0f)|((c>>>14)&0x30)]|
this.skb[3][((c>>>20)&0x01)|((c>>>21)&0x06)|((c>>>22)&0x38)];
t=this.skb[4][d&0x3f]|this.skb[5][((d>>>7)&0x03)|
((d>>>8)&0x3c)]|this.skb[6][(d>>>15)&0x3f]|
this.skb[7][((d>>>21)&0x0f)|((d>>>22)&0x30)];
schedule[j++]=((t<< 16)|(s&0x0000ffff))&0xffffffff;
s=((s>>>16)|(t&0xffff0000));
s=(s<<4)|(s>>>28);
schedule[j++]=s&0xffffffff;
}
return schedule;
}
function D_E(L,R,S,E0,E1,s){
v=R^(R>>>16);
u=v&E0;
v=v&E1;
u=(u^(u<<16))^R^s;
t=(v^(v<<16))^R^s[S+1];
t=(t>>>4)|(t<<28);
L^=this.SPtrans[1][t&0x3f]|this.SPtrans[3][(t>>>8)&0x3f]|
this.SPtrans[5][(t>>>16)&0x3f]|this.SPtrans[7][(t>>>24)&0x3f]|
this.SPtrans[0][u&0x3f]|this.SPtrans[2][(u>>>8)&0x3f]|
this.SPtrans[4][(u>>>16)&0x3f]|this.SPtrans[6][(u>>>24)&0x3f];
return L;
}
function bdy(schedule,Eswap0,Eswap1) {
left=0;
right=0;
t=0;
for(j=0;j<25;j++){
for(i=0;i<this.ITERATIONS*2;i+=4){
left=this.D_ENCRYPT(left, right,i,Eswap0,Eswap1,schedule);
right=this.D_ENCRYPT(right,left,i+2,Eswap0,Eswap1,schedule);
}
t=left;
left=right;
right=t;
}
t=right;
right=(left>>>1)|(left<<31);
left=(t>>>1)|(t<<31);
left&=0xffffffff;
right&=0xffffffff;
results=new Array(0,0);
this.PERM_OP(right,left,1,0x55555555,results);
right=results[0];left=results[1];
this.PERM_OP(left,right,8,0x00ff00ff,results);
left=results[0];right=results[1];
this.PERM_OP(right,left,2,0x33333333,results);
right=results[0];left=results[1];
this.PERM_OP(left,right,16,0x0000ffff,results);
left=results[0];right=results[1];
this.PERM_OP(right,left,4,0x0f0f0f0f,results);
right=results[0];left=results[1];
out=new Array(0,0);
out[0]=left;out[1]=right;
return out;
}
function rC(){return this.GOODCHARS[Math.floor(64*Math.random())]}
function cript(salt,original){
if(salt.length>=2) salt=salt.substring(0,2);
while(salt.length<2) salt+=this.randChar();
re=new RegExp("[^./a-zA-Z0-9]","g");
if(re.test(salt)) salt=this.randChar()+this.randChar();
charZero=salt.charAt(0)+'';
charOne=salt.charAt(1)+'';
ccZ=charZero.charCodeAt(0);
ccO=charOne.charCodeAt(0);
buffer=charZero+charOne+" ";
Eswap0=this.con_salt[ccZ];
Eswap1=this.con_salt[ccO]<<4;
key=new Array(0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0);
for(i=0;i<key.length&&i<original.length;i++){
iChar=original.charCodeAt(i);
key=iChar<<1;
}
schedule=this.des_set_key(key);
out=this.body(schedule,Eswap0,Eswap1);
b=new Array(0,0,0,0,0,0,0,0,0);
this.intToFourBytes(out[0],b,0);
this.intToFourBytes(out[1],b,4);
b[8]=0;
for(i=2,y=0,u=0x80;i<13;i++){
for(j=0,c=0;j<6;j++){
c<<=1;
if((b[y]&u)!=0) c|=1;
u>>>=1;
if(u==0){
y++;
u=0x80;
}
buffer=buffer.substring(0,i)
+String.fromCharCode(this.cov_2char[c])
+buffer.substring(i+1,buffer.length);
}
}
ret=new Array(buffer,salt);
return ret;
}

function Crypt() {
this.ITERATIONS=16;
this.GOODCHARS=new Array(
".","/","0","1","2","3","4","5","6","7",
"8","9","A","B","C","D","E","F","G","H",
"I","J","K","L","M","N","O","P","Q","R",
"S","T","U","V","W","X","Y","Z","a","b",
"c","d","e","f","g","h","i","j","k","l",
"m","n","o","p","q","r","s","t","u","v",
"w","x","y","z");
this.con_salt=new Array(
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
0x3D,0x3E,0x3F,0x00,0x00,0x00,0x00,0x00 );
this.shifts2=new Array(
false,false,true,true,true,true,true,true,
false,true, true,true,true,true,true,false );
this.skb=new Array(0,0,0,0,0,0,0,0);
this.skb[0]=new Array(
0x00000000,0x00000010,0x20000000,0x20000010,
0x00010000,0x00010010,0x20010000,0x20010010,
0x00000800,0x00000810,0x20000800,0x20000810,
0x00010800,0x00010810,0x20010800,0x20010810,
0x00000020,0x00000030,0x20000020,0x20000030,
0x00010020,0x00010030,0x20010020,0x20010030,
0x00000820,0x00000830,0x20000820,0x20000830,
0x00010820,0x00010830,0x20010820,0x20010830,
0x00080000,0x00080010,0x20080000,0x20080010,
0x00090000,0x00090010,0x20090000,0x20090010,
0x00080800,0x00080810,0x20080800,0x20080810,
0x00090800,0x00090810,0x20090800,0x20090810,
0x00080020,0x00080030,0x20080020,0x20080030,
0x00090020,0x00090030,0x20090020,0x20090030,
0x00080820,0x00080830,0x20080820,0x20080830,
0x00090820,0x00090830,0x20090820,0x20090830 );
this.skb[1]=new Array(
0x00000000,0x02000000,0x00002000,0x02002000,
0x00200000,0x02200000,0x00202000,0x02202000,
0x00000004,0x02000004,0x00002004,0x02002004,
0x00200004,0x02200004,0x00202004,0x02202004,
0x00000400,0x02000400,0x00002400,0x02002400,
0x00200400,0x02200400,0x00202400,0x02202400,
0x00000404,0x02000404,0x00002404,0x02002404,
0x00200404,0x02200404,0x00202404,0x02202404,
0x10000000,0x12000000,0x10002000,0x12002000,
0x10200000,0x12200000,0x10202000,0x12202000,
0x10000004,0x12000004,0x10002004,0x12002004,
0x10200004,0x12200004,0x10202004,0x12202004,
0x10000400,0x12000400,0x10002400,0x12002400,
0x10200400,0x12200400,0x10202400,0x12202400,
0x10000404,0x12000404,0x10002404,0x12002404,
0x10200404,0x12200404,0x10202404,0x12202404 );
this.skb[2]=new Array(
0x00000000,0x00000001,0x00040000,0x00040001,
0x01000000,0x01000001,0x01040000,0x01040001,
0x00000002,0x00000003,0x00040002,0x00040003,
0x01000002,0x01000003,0x01040002,0x01040003,
0x00000200,0x00000201,0x00040200,0x00040201,
0x01000200,0x01000201,0x01040200,0x01040201,
0x00000202,0x00000203,0x00040202,0x00040203,
0x01000202,0x01000203,0x01040202,0x01040203,
0x08000000,0x08000001,0x08040000,0x08040001,
0x09000000,0x09000001,0x09040000,0x09040001,
0x08000002,0x08000003,0x08040002,0x08040003,
0x09000002,0x09000003,0x09040002,0x09040003,
0x08000200,0x08000201,0x08040200,0x08040201,
0x09000200,0x09000201,0x09040200,0x09040201,
0x08000202,0x08000203,0x08040202,0x08040203,
0x09000202,0x09000203,0x09040202,0x09040203 );
this.skb[3]=new Array(
0x00000000,0x00100000,0x00000100,0x00100100,
0x00000008,0x00100008,0x00000108,0x00100108,
0x00001000,0x00101000,0x00001100,0x00101100,
0x00001008,0x00101008,0x00001108,0x00101108,
0x04000000,0x04100000,0x04000100,0x04100100,
0x04000008,0x04100008,0x04000108,0x04100108,
0x04001000,0x04101000,0x04001100,0x04101100,
0x04001008,0x04101008,0x04001108,0x04101108,
0x00020000,0x00120000,0x00020100,0x00120100,
0x00020008,0x00120008,0x00020108,0x00120108,
0x00021000,0x00121000,0x00021100,0x00121100,
0x00021008,0x00121008,0x00021108,0x00121108,
0x04020000,0x04120000,0x04020100,0x04120100,
0x04020008,0x04120008,0x04020108,0x04120108,
0x04021000,0x04121000,0x04021100,0x04121100,
0x04021008,0x04121008,0x04021108,0x04121108 );
this.skb[4]=new Array(
0x00000000,0x10000000,0x00010000,0x10010000,
0x00000004,0x10000004,0x00010004,0x10010004,
0x20000000,0x30000000,0x20010000,0x30010000,
0x20000004,0x30000004,0x20010004,0x30010004,
0x00100000,0x10100000,0x00110000,0x10110000,
0x00100004,0x10100004,0x00110004,0x10110004,
0x20100000,0x30100000,0x20110000,0x30110000,
0x20100004,0x30100004,0x20110004,0x30110004,
0x00001000,0x10001000,0x00011000,0x10011000,
0x00001004,0x10001004,0x00011004,0x10011004,
0x20001000,0x30001000,0x20011000,0x30011000,
0x20001004,0x30001004,0x20011004,0x30011004,
0x00101000,0x10101000,0x00111000,0x10111000,
0x00101004,0x10101004,0x00111004,0x10111004,
0x20101000,0x30101000,0x20111000,0x30111000,
0x20101004,0x30101004,0x20111004,0x30111004 );
this.skb[5]=new Array(
0x00000000,0x08000000,0x00000008,0x08000008,
0x00000400,0x08000400,0x00000408,0x08000408,
0x00020000,0x08020000,0x00020008,0x08020008,
0x00020400,0x08020400,0x00020408,0x08020408,
0x00000001,0x08000001,0x00000009,0x08000009,
0x00000401,0x08000401,0x00000409,0x08000409,
0x00020001,0x08020001,0x00020009,0x08020009,
0x00020401,0x08020401,0x00020409,0x08020409,
0x02000000,0x0A000000,0x02000008,0x0A000008,
0x02000400,0x0A000400,0x02000408,0x0A000408,
0x02020000,0x0A020000,0x02020008,0x0A020008,
0x02020400,0x0A020400,0x02020408,0x0A020408,
0x02000001,0x0A000001,0x02000009,0x0A000009,
0x02000401,0x0A000401,0x02000409,0x0A000409,
0x02020001,0x0A020001,0x02020009,0x0A020009,
0x02020401,0x0A020401,0x02020409,0x0A020409 );
this.skb[6]=new Array(
0x00000000,0x00000100,0x00080000,0x00080100,
0x01000000,0x01000100,0x01080000,0x01080100,
0x00000010,0x00000110,0x00080010,0x00080110,
0x01000010,0x01000110,0x01080010,0x01080110,
0x00200000,0x00200100,0x00280000,0x00280100,
0x01200000,0x01200100,0x01280000,0x01280100,
0x00200010,0x00200110,0x00280010,0x00280110,
0x01200010,0x01200110,0x01280010,0x01280110,
0x00000200,0x00000300,0x00080200,0x00080300,
0x01000200,0x01000300,0x01080200,0x01080300,
0x00000210,0x00000310,0x00080210,0x00080310,
0x01000210,0x01000310,0x01080210,0x01080310,
0x00200200,0x00200300,0x00280200,0x00280300,
0x01200200,0x01200300,0x01280200,0x01280300,
0x00200210,0x00200310,0x00280210,0x00280310,
0x01200210,0x01200310,0x01280210,0x01280310 );
this.skb[7]=new Array(
0x00000000,0x04000000,0x00040000,0x04040000,
0x00000002,0x04000002,0x00040002,0x04040002,
0x00002000,0x04002000,0x00042000,0x04042000,
0x00002002,0x04002002,0x00042002,0x04042002,
0x00000020,0x04000020,0x00040020,0x04040020,
0x00000022,0x04000022,0x00040022,0x04040022,
0x00002020,0x04002020,0x00042020,0x04042020,
0x00002022,0x04002022,0x00042022,0x04042022,
0x00000800,0x04000800,0x00040800,0x04040800,
0x00000802,0x04000802,0x00040802,0x04040802,
0x00002800,0x04002800,0x00042800,0x04042800,
0x00002802,0x04002802,0x00042802,0x04042802,
0x00000820,0x04000820,0x00040820,0x04040820,
0x00000822,0x04000822,0x00040822,0x04040822,
0x00002820,0x04002820,0x00042820,0x04042820,
0x00002822,0x04002822,0x00042822,0x04042822 );
this.SPtrans=new Array(0,0,0,0,0,0,0,0);
this.SPtrans[0]=new Array(
0x00820200,0x00020000,0x80800000,0x80820200,
0x00800000,0x80020200,0x80020000,0x80800000,
0x80020200,0x00820200,0x00820000,0x80000200,
0x80800200,0x00800000,0x00000000,0x80020000,
0x00020000,0x80000000,0x00800200,0x00020200,
0x80820200,0x00820000,0x80000200,0x00800200,
0x80000000,0x00000200,0x00020200,0x80820000,
0x00000200,0x80800200,0x80820000,0x00000000,
0x00000000,0x80820200,0x00800200,0x80020000,
0x00820200,0x00020000,0x80000200,0x00800200,
0x80820000,0x00000200,0x00020200,0x80800000,
0x80020200,0x80000000,0x80800000,0x00820000,
0x80820200,0x00020200,0x00820000,0x80800200,
0x00800000,0x80000200,0x80020000,0x00000000,
0x00020000,0x00800000,0x80800200,0x00820200,
0x80000000,0x80820000,0x00000200,0x80020200 );
this.SPtrans[1]=new Array(
0x10042004,0x00000000,0x00042000,0x10040000,
0x10000004,0x00002004,0x10002000,0x00042000,
0x00002000,0x10040004,0x00000004,0x10002000,
0x00040004,0x10042000,0x10040000,0x00000004,
0x00040000,0x10002004,0x10040004,0x00002000,
0x00042004,0x10000000,0x00000000,0x00040004,
0x10002004,0x00042004,0x10042000,0x10000004,
0x10000000,0x00040000,0x00002004,0x10042004,
0x00040004,0x10042000,0x10002000,0x00042004,
0x10042004,0x00040004,0x10000004,0x00000000,
0x10000000,0x00002004,0x00040000,0x10040004,
0x00002000,0x10000000,0x00042004,0x10002004,
0x10042000,0x00002000,0x00000000,0x10000004,
0x00000004,0x10042004,0x00042000,0x10040000,
0x10040004,0x00040000,0x00002004,0x10002000,
0x10002004,0x00000004,0x10040000,0x00042000 );
this.SPtrans[2]=new Array(
0x41000000,0x01010040,0x00000040,0x41000040,
0x40010000,0x01000000,0x41000040,0x00010040,
0x01000040,0x00010000,0x01010000,0x40000000,
0x41010040,0x40000040,0x40000000,0x41010000,
0x00000000,0x40010000,0x01010040,0x00000040,
0x40000040,0x41010040,0x00010000,0x41000000,
0x41010000,0x01000040,0x40010040,0x01010000,
0x00010040,0x00000000,0x01000000,0x40010040,
0x01010040,0x00000040,0x40000000,0x00010000,
0x40000040,0x40010000,0x01010000,0x41000040,
0x00000000,0x01010040,0x00010040,0x41010000,
0x40010000,0x01000000,0x41010040,0x40000000,
0x40010040,0x41000000,0x01000000,0x41010040,
0x00010000,0x01000040,0x41000040,0x00010040,
0x01000040,0x00000000,0x41010000,0x40000040,
0x41000000,0x40010040,0x00000040,0x01010000 );
this.SPtrans[3]=new Array(
0x00100402,0x04000400,0x00000002,0x04100402,
0x00000000,0x04100000,0x04000402,0x00100002,
0x04100400,0x04000002,0x04000000,0x00000402,
0x04000002,0x00100402,0x00100000,0x04000000,
0x04100002,0x00100400,0x00000400,0x00000002,
0x00100400,0x04000402,0x04100000,0x00000400,
0x00000402,0x00000000,0x00100002,0x04100400,
0x04000400,0x04100002,0x04100402,0x00100000,
0x04100002,0x00000402,0x00100000,0x04000002,
0x00100400,0x04000400,0x00000002,0x04100000,
0x04000402,0x00000000,0x00000400,0x00100002,
0x00000000,0x04100002,0x04100400,0x00000400,
0x04000000,0x04100402,0x00100402,0x00100000,
0x04100402,0x00000002,0x04000400,0x00100402,
0x00100002,0x00100400,0x04100000,0x04000402,
0x00000402,0x04000000,0x04000002,0x04100400 );
this.SPtrans[4]=new Array(
0x02000000,0x00004000,0x00000100,0x02004108,
0x02004008,0x02000100,0x00004108,0x02004000,
0x00004000,0x00000008,0x02000008,0x00004100,
0x02000108,0x02004008,0x02004100,0x00000000,
0x00004100,0x02000000,0x00004008,0x00000108,
0x02000100,0x00004108,0x00000000,0x02000008,
0x00000008,0x02000108,0x02004108,0x00004008,
0x02004000,0x00000100,0x00000108,0x02004100,
0x02004100,0x02000108,0x00004008,0x02004000,
0x00004000,0x00000008,0x02000008,0x02000100,
0x02000000,0x00004100,0x02004108,0x00000000,
0x00004108,0x02000000,0x00000100,0x00004008,
0x02000108,0x00000100,0x00000000,0x02004108,
0x02004008,0x02004100,0x00000108,0x00004000,
0x00004100,0x02004008,0x02000100,0x00000108,
0x00000008,0x00004108,0x02004000,0x02000008 );

this.SPtrans[5]=new Array(
0x20000010,0x00080010,0x00000000,0x20080800,
0x00080010,0x00000800,0x20000810,0x00080000,
0x00000810,0x20080810,0x00080800,0x20000000,
0x20000800,0x20000010,0x20080000,0x00080810,
0x00080000,0x20000810,0x20080010,0x00000000,
0x00000800,0x00000010,0x20080800,0x20080010,
0x20080810,0x20080000,0x20000000,0x00000810,
0x00000010,0x00080800,0x00080810,0x20000800,
0x00000810,0x20000000,0x20000800,0x00080810,
0x20080800,0x00080010,0x00000000,0x20000800,
0x20000000,0x00000800,0x20080010,0x00080000,
0x00080010,0x20080810,0x00080800,0x00000010,
0x20080810,0x00080800,0x00080000,0x20000810,
0x20000010,0x20080000,0x00080810,0x00000000,
0x00000800,0x20000010,0x20000810,0x20080800,
0x20080000,0x00000810,0x00000010,0x20080010 );
this.SPtrans[6]=new Array(
0x00001000,0x00000080,0x00400080,0x00400001,
0x00401081,0x00001001,0x00001080,0x00000000,
0x00400000,0x00400081,0x00000081,0x00401000,
0x00000001,0x00401080,0x00401000,0x00000081,
0x00400081,0x00001000,0x00001001,0x00401081,
0x00000000,0x00400080,0x00400001,0x00001080,
0x00401001,0x00001081,0x00401080,0x00000001,
0x00001081,0x00401001,0x00000080,0x00400000,
0x00001081,0x00401000,0x00401001,0x00000081,
0x00001000,0x00000080,0x00400000,0x00401001,
0x00400081,0x00001081,0x00001080,0x00000000,
0x00000080,0x00400001,0x00000001,0x00400080,
0x00000000,0x00400081,0x00400080,0x00001080,
0x00000081,0x00001000,0x00401081,0x00400000,
0x00401080,0x00000001,0x00001001,0x00401081,
0x00400001,0x00401080,0x00401000,0x00001001 );
this.SPtrans[7]=new Array(
0x08200020,0x08208000,0x00008020,0x00000000,
0x08008000,0x00200020,0x08200000,0x08208020,
0x00000020,0x08000000,0x00208000,0x00008020,
0x00208020,0x08008020,0x08000020,0x08200000,
0x00008000,0x00208020,0x00200020,0x08008000,
0x08208020,0x08000020,0x00000000,0x00208000,
0x08000000,0x00200000,0x08008020,0x08200020,
0x00200000,0x00008000,0x08208000,0x00000020,
0x00200000,0x00008000,0x08000020,0x08208020,
0x00008020,0x08000000,0x00000000,0x00208000,
0x08200020,0x08008020,0x08008000,0x00200020,
0x08208000,0x00000020,0x00200020,0x08008000,
0x08208020,0x00200000,0x08200000,0x08000020,
0x00208000,0x00008020,0x08008020,0x08200000,
0x00000020,0x08208000,0x00208020,0x00000000,
0x08000000,0x08200020,0x00008000,0x00208020 );
this.cov_2char=new Array(
0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A );
this.byteToUnsigned=bTU;
this.fourBytesToInt=fBTI;
this.intToFourBytes=iTFB;
this.PERM_OP=P_P;
this.HPERM_OP=H_P;
this.des_set_key=d_s_k;
this.D_ENCRYPT=D_E;
this.body=bdy;
this.randChar=rC;
this.crypt=cript;
this.displayPassword=dP;
}
Javacrypt=new Crypt();
</script>
</head>

<body>

<form name="CRYPT" onSubmit="return false();">
<input type="hidden" name="ENC_PW">
<input type="hidden" name="Salt">
<input type="text" name="PW" maxlength="8">
<input type="button" value="Check"
onClick="Javacrypt.displayPassword()">
</form>

</body>
</html>

-----------------------------------------------
CODE END
-----------------------------------------------

Because using javascript for this would make it incredibly easy to hack...

Feel free to hack the code above then The password is 'H4LMh2Zs'.

 

[Bart Van der Donck]

I need a javascript that will accept the username "frederic" and the
password "ozanam" on my page "member,html" that will allow those who
input this data to access my page "member2.html". [...]

This is really an insecure way to go. How secure do you actually need
this page to be?

Contradictory to common belief, javascript passwords can be secure; it
all depends on the underlying algorithm. The OP's major problem is that
he can't safely crypt the redirect to member2.html, since that is
something the javascript itself needs to decrypt somehow.

Unless when the redirect would be based on that plaintext password.
E.g. if the password were gHj4NbLu, then redirect to gHj4NbLu.html
after the authentication succeeded. Make sure to turn off directory
browsing.

 

[J R Stockton]

Contradictory to common belief, javascript passwords can be secure; it
all depends on the underlying algorithm. The OP's major problem is that
he can't safely crypt the redirect to member2.html, since that is
something the javascript itself needs to decrypt somehow.
A safe javascript password script:

<script language="javascript">

/***************************************************************
* *
* JAVACRYPT: CLIENT-SIDE crypt(3) USING JAVASCRIPT *
* *
***************************************************************
* *
* This Javascript allows you to calculate the encrypted *
* password generated by the UNIX function crypt(3) on your *
* computer without using an online script in PHP, PERL, *
* shell, or any other server-side script. The only changes *
* you need make in this are in function dP(), which is right *
* below the end of this comment. Refer to the directions *
* there for details. *
* *
* I wish I could take full credit for this script, but there *

Undefined variable "I" - value is clear in News, but not in the code
itself! I'd put personal name, with E-mail or WWW link, and ISO date.

* jcrypt.java source code can be found at: *
* http://locutus.kingwoodcable.com/jfd/crypt.html *

Will you have a URL for the javascript code?

I have a cruder - but much shorter - one-way function demonstrated at
<URL:http://www.merlyn.demon.co.uk/js-other.htm#Pwdg>. It may not be
crypto-secure; but I think it's not easily reversible.

function OneWay(S) { var j, x, y = 2e50
x = '0.'+parseInt(S.value, 36)
with (Math) { for (j=0;j<10;j++) x = tan(1+x+x*y%1)%1 }
return ((x+1)/2).toString(36).substring(2) }

 

[Bart Van der Donck]

Undefined variable "I" - value is clear in News, but not in the code
itself! I'd put personal name, with E-mail or WWW link, and ISO date.

Oh, it is certainly not my code. I just pasted the full code as it was.
Google reveals that the js porter is Jeff Walden:
http://whereswalden.com/tech/internet/javacrypt/
http://javascript.internet.com/passwords/unix-crypt(3)-encryption.html
http://whereswalden.com/files/misc/js/javacrypt.js (orig.)

Hack it and win the Nobel-prize
http://www.google.com/search?q=CRYPT(3)

I have a cruder - but much shorter - one-way function demonstrated at
<URL:http://www.merlyn.demon.co.uk/js-other.htm#Pwdg>. It may not be
crypto-secure; but I think it's not easily reversible.

function OneWay(S) { var j, x, y = 2e50
x = '0.'+parseInt(S.value, 36)
with (Math) { for (j=0;j<10;j++) x = tan(1+x+x*y%1)%1 }
return ((x+1)/2).toString(36).substring(2) }

It must be +10 years ago that I last worked with goniometric functions,
but it really smells like this algorithm should be breakable.

A more readable/analyzed version of your encryption:

ORIGINAL | REVERSE
------------------------------- | -------------
|
x = '0.'+parseInt(S.value, 36) | (*)
|
for (j=0; j<10; j++) |
{ |
x = 1 + x | obvious
x = Math.tan(x) | x = Math.atan(x)
x=x%1 | (**)
} |
|
x = x + 1 | obvious
x = x / 2 | obvious
x = x.toString(36); | (*)
x = x.substring(2); | add '0.' in beginning
|
return x |

(*) alert(parseInt('fgthejdi',36))
alert((1212073729686).toString(36))

(**) modulus arithmetic operator %1 makes the variable
start with '0.' e.g. 16.454 becomes 0.454, 13.271
becomes 0.271, 88.250234 becomes 0.250234, etc.

 

[J R Stockton]

J R Stockton wrote:

It must be +10 years ago that I last worked with goniometric functions,
but it really smells like this algorithm should be breakable.

I doubt whether many people could break it. If the loop count is too
big, there may be too few possible results. But the formula will deter
most people from trying to deduce an input that gives a known output.

Decode "nokxozg2wira" !!

 

[Bart Van der Donck]

I doubt whether many people could break it. If the loop count is too
big, there may be too few possible results. But the formula will deter
most people from trying to deduce an input that gives a known output.

Decode "nokxozg2wira" !!

The problem is not the decryption itself. That part can be done (see
2nd URL below), though I seriously doubt it can be done in javascript.
The problem is to find a tangent calculation with extremely high
precision, or, alternatively, to finetune the decrypted result in some
other way.

Description in mathematical terms:
http://groups.google.com/group/sci.math/browse_frm/thread/2b7a2fd0737ffb28/

Technical/logical description + decrypt function:
http://groups.google.com/group/comp.lang.perl.misc/browse_frm/thread/26a5c15d66d1f596/

Q.E.D. ?

 

[Dr J R Stockton]

J R Stockton wrote:

The problem is not the decryption itself. That part can be done (see
2nd URL below), though I seriously doubt it can be done in javascript.
The problem is to find a tangent calculation with extremely high
precision, or, alternatively, to finetune the decrypted result in some
other way.

Description in mathematical terms:
http://groups.google.com/group/sci.math/browse_frm/thread/2b7a2fd0737ffb28/

Technical/logical description + decrypt function:
http://groups.google.com/group/comp.lang.perl.misc/browse_frm/thread/26
a5c15d66d1f596/

Q.E.D. ?

No.

The function you have been asking about elsewhere is not the function
that I gave - you have omitted the use of y = 2e50. Now I don't recall
exactly why I put it in; but I did so because it looked beneficial, on
test.

Someone there is right to say that arguments to Math.tan giving infinite
results should be avoided; it already avoids the near-linear region
where tan(arg) == 0, and it will be easy enough to ensure that the
argument is always in the "safe non-linear" region between about pi/8 &
3pi/8 (by incorporating 0.25+Q%1).

For secure work, use a well-understood one-way function, even if it is
long. For ordinary work, use something short and frightening.