PDA

View Full Version : My Encrypted Password Script :)



mburt
08-01-2006, 11:18 PM
Hi,

I've been working on this script for AGES.. it uses a series of numbers to figure out what the password is, and then verifies. It's almost like.. it's too good to be true, but that's exactly what I'm trying to figure out. I think there may be something wrong with it. :)

The password is "password"

So go ahead, I'm ready for insults.



<html>
<head>
<script>
function securepass() {
var alpha=new Array("","a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z")
var combo=new Array('',16,1,19,19,23,15,18,4)
var notCorrect=false
for (i=1;i<=combo.length-1;i++) {
inputH.value=inputH.value.substring(0,i)+alpha[combo[i]]
if (input.value==inputH.value) {alert("Correct Password");notCorrect=false;input.value=''}
else {notCorrect=true}
}
if (notCorrect==true) {alert("Invalid Password");inputH.value='';input.value=''}
}
</script>
</head>
<body>
<input id="input">
<br><input type="button" value="Log In" onclick="securepass()">
<input id="inputH" style="display:none">
<br>Type in "password", and then try other combinations.
</body>
</html>

mburt
08-01-2006, 11:44 PM
To be more specific, I'm looking for someone to verify this script.

Twey
08-02-2006, 12:16 AM
I'm no crypto expert, but I think this is reversible. It would certainly be possible to figure it out from the value of inputH...

mburt
08-02-2006, 12:34 AM
Thanks, I'll try to make it better. I honestly didn't know how to improve, so that's why I posted this thread.

Twey
08-02-2006, 12:39 AM
Ah, I see. The key here is to come up with an algorithm that, will take any data given to it and transform it in such a way that it can't be transformed back, and gives no clue as to the original data.

Or, you could nick someone else's, like I did. :p

mburt
08-02-2006, 12:43 AM
So, I would create a number/letter pattern for a single letter, which would be hard to crack. Anyways, I'll be working on it for a while, so thanks for all your help :)

mburt
08-02-2006, 12:46 AM
What I originally had as a password thingy was this: (it's horrible)



<script>
function testPass() {
if (input.value=="password") {alert("Correct")}
else {alert("Incorrect")}
}
</script>


So I kept trying to come up with a way to make it more secure. Then I came across a number/letter system to convert numbers to letters.

I'll try to upgrade from here.

mburt
08-02-2006, 01:18 AM
But I'm still not sure on how to do this.. I know I have to search a string for letters, and translate it into a series of characters. But that's pretty much it. Any help would be appreciated

Twey
08-02-2006, 01:32 AM
You have to do it in such a way that it can't be reversed.

Look at Rob Heslop's for an idea (although not a role model): his script takes the ASCII value of each character and multiplies it in with the rest. That's irreversible, since there are quite a few possibilities that would yield the same result.

mburt
08-02-2006, 02:04 AM
Could you provide a link to this?

Twey
08-02-2006, 02:13 AM
var hash = 1;
for(var i=0;i<str.length;i++) hash *= str.charCodeAt(i);

mburt
08-02-2006, 01:49 PM
Holy flyin' goat skins, Batman!!

Where'd you come up with something like that.. I would have never thought of that. You are really good at this stuff.

mburt
08-02-2006, 01:52 PM
So the str.charCodeAt is just the &# + num codes... Cool. I'll work around it from here.

mburt
08-02-2006, 01:54 PM
That's ridiculously clever..

Twey
08-02-2006, 01:57 PM
I told you, that's not mine, it's Rob Heslop's. :p

It's not a bad idea, but it has several flaws: it's quite prone to collisions, and it gives away the approximate length of the original string.

shachi
08-02-2006, 02:02 PM
Umm... I don't think I know what this script is supposed to do.:-/

mburt
08-02-2006, 02:16 PM
It's not a bad idea, but it has several flaws

You've got to admit thought, It's alot better than my old idea. The only problem I have now is, when you run the for loop, the hash's value is seperate.

Ex:

if the str value was "abc"

the str.charCodeAt(i) would come out (if you window alerted it)

97
New Window
98
New Window
99

I want them meshed together, so I can get a letter combination out of that data.. or maybe I'm doing something wrong. I don't know.

mburt
08-02-2006, 02:48 PM
Basically, I'm trying to figure out how to validate a bunch of seperate numbers.

Twey
08-02-2006, 02:50 PM
As in Rob Heslop's example, add, multiply, divide, subtract, or even xor them together. They're all irreversible operations. The key is to try to break from the boundaries of the ASCII range.

mburt
08-02-2006, 03:00 PM
Okay, thanks (again) :)

mburt
08-02-2006, 04:54 PM
This is my new script:


<html>
<head>
<script language="javascript">
function decode(str) {
var hash = 1
var pass = "97"+97*98+""+eval(97*98)*99
var correct
for (i=0;i<=str.length-1;i++) {
hash*=str.charCodeAt(i)
input2.value+=hash
if (input2.value==pass) {alert("Correct password");input2.value='';correct=true}
else {correct=false}
}
if (correct==false) {alert("Incorrect password");input2.value='';input.value=''}
}
</script>
</head>
<body>
Password: abc
<br><input id="input" type="password" onblur="decode(this.value)">
<input id="input2" style="display:none">
</body>
</html>

mburt
08-02-2006, 08:03 PM
Update


<html>
<head>
<script language="javascript">
function decode(str) {
var l = new Array('80','97','115','115','87','111','114','100','')
var step1 = l[0]*l[1]
var step2 = step1*l[2]
var step3 = step2*l[3]
var step4 = step3*l[4]
var step5 = step4*l[5]
var step6 = step5*l[6]
var step7 = step6*l[7]
var pass = l[0]+step1+step2+step3+step4+step5+step6+step7
var correct
var hash = 1
for (i=0;i<=str.length-1;i++) {
hash*=str.charCodeAt(i)
input2.value+=hash
if (input2.value==pass) {alert("Correct password");input2.value='';input.value='';correct=true}
else {correct=false}
}
if (correct==false) {alert("Incorrect password");input2.value='';input.value=''}
}
</script>
</head>
<body>
Password: PassWord
<br><input id="input" type="password"><input id="input2" style="display:none">
<br><input type="button" value="Validate" onclick="decode(input.value)">
</body>
</html>