mwinter

07-04-2005, 09:56 PM

I'd just like to point out that it's really pointless to do thisIndeed.

as anyone can look at the source and see what the password is.If you (the OP) really must do this, you have to encode the password. Putting it in as plain text really is useless.

There have been some algorithms cited here before, but they make brute forcing quite simple as you can make obvious guesses as to password length (and that really narrows down the time needed).

I would suggest, but still not recommend, a proper hash function. Many are simple to produce. The MD4 implementation below weighs in at about 4.6KBs with white space (less than three without) and is very fast. Though a mathematical hash can be brute-forced, there are generally no clues as to what the original data contained.

Getting everything you've asked for:

<script type="text/javascript" src="md4.js"></script>

<script type="text/javascript">

var hash = '8a9d093f14f8701df17732b2bb182c74';

function authenticate() {

var password = prompt('Please enter your password:');

location.href = !password

? '...' /* Cancelled URL */

: (String(password).md4() == hash)

? password + '.html'

: '...'; /* Invalid URL */

}

</script>The value of hash in this example is the string 'password' hashed by MD4.

Mike

The contents of md4.js:

String.prototype.md4 = (function() {

function f(x, y, z) {return (x & y) | (~x & z);}

function g(x, y, z) {return (x & y) | (x & z) | (y & z);}

function h(x, y, z) {return x ^ y ^ z;}

return function() {

var a = 0x67452301,

b = 0xefcdab89,

c = 0x98badcfe,

d = 0x10325476,

m = String(this).toUTF8(),

x = [],

y = m.length,

aa, bb, cc, dd, i, j, n;

function r(a, b, c, d, k, s) {

return (a + f(b, c, d) + x[k]).rotl(s);

}

function s(a, b, c, d, k, s) {

return (a + g(b, c, d) + x[k] + 0x5a827999).rotl(s);

}

function t(a, b, c, d, k, s) {

return (a + h(b, c, d) + x[k] + 0x6ed9eba1).rotl(s);

}

n = y % 64;

n = (n < 56)

? 56 - n

: 120 - n;

m += '\x80';

for(i = 1; i < n; ++i) {m += '\0';}

y *= 8;

for(i = 0; i < 8; ++i) {

m += String.fromCharCode(y & 0xff);

y /= 0x100;

}

for(i = 0, n = m.length / 64; i < n; ++i) {

aa = a;

bb = b;

cc = c;

dd = d;

for(j = 0; j < 16; ++j) {

x[j] = m.charCodeAt(i * 64 + j * 4)

| (m.charCodeAt(i * 64 + j * 4 + 1) << 8)

| (m.charCodeAt(i * 64 + j * 4 + 2) << 16)

| (m.charCodeAt(i * 64 + j * 4 + 3) << 24);

}

a = r(a, b, c, d, 0, 3);

d = r(d, a, b, c, 1, 7);

c = r(c, d, a, b, 2, 11);

b = r(b, c, d, a, 3, 19);

a = r(a, b, c, d, 4, 3);

d = r(d, a, b, c, 5, 7);

c = r(c, d, a, b, 6, 11);

b = r(b, c, d, a, 7, 19);

a = r(a, b, c, d, 8, 3);

d = r(d, a, b, c, 9, 7);

c = r(c, d, a, b, 10, 11);

b = r(b, c, d, a, 11, 19);

a = r(a, b, c, d, 12, 3);

d = r(d, a, b, c, 13, 7);

c = r(c, d, a, b, 14, 11);

b = r(b, c, d, a, 15, 19);

a = s(a, b, c, d, 0, 3);

d = s(d, a, b, c, 4, 5);

c = s(c, d, a, b, 8, 9);

b = s(b, c, d, a, 12, 13);

a = s(a, b, c, d, 1, 3);

d = s(d, a, b, c, 5, 5);

c = s(c, d, a, b, 9, 9);

b = s(b, c, d, a, 13, 13);

a = s(a, b, c, d, 2, 3);

d = s(d, a, b, c, 6, 5);

c = s(c, d, a, b, 10, 9);

b = s(b, c, d, a, 14, 13);

a = s(a, b, c, d, 3, 3);

d = s(d, a, b, c, 7, 5);

c = s(c, d, a, b, 11, 9);

b = s(b, c, d, a, 15, 13);

a = t(a, b, c, d, 0, 3);

d = t(d, a, b, c, 8, 9);

c = t(c, d, a, b, 4, 11);

b = t(b, c, d, a, 12, 15);

a = t(a, b, c, d, 2, 3);

d = t(d, a, b, c, 10, 9);

c = t(c, d, a, b, 6, 11);

b = t(b, c, d, a, 14, 15);

a = t(a, b, c, d, 1, 3);

d = t(d, a, b, c, 9, 9);

c = t(c, d, a, b, 5, 11);

b = t(b, c, d, a, 13, 15);

a = t(a, b, c, d, 3, 3);

d = t(d, a, b, c, 11, 9);

c = t(c, d, a, b, 7, 11);

b = t(b, c, d, a, 15, 15);

a += aa;

b += bb;

c += cc;

d += dd;

}

m = (a & 0xff).pad(2, 16)

+ ((a >> 8) & 0xff).pad(2, 16)

+ ((a >> 16) & 0xff).pad(2, 16)

+ ((a >> 24) & 0xff).pad(2, 16);

m += (b & 0xff).pad(2, 16)

+ ((b >> 8) & 0xff).pad(2, 16)

+ ((b >> 16) & 0xff).pad(2, 16)

+ ((b >> 24) & 0xff).pad(2, 16);

m += (c & 0xff).pad(2, 16)

+ ((c >> 8) & 0xff).pad(2, 16)

+ ((c >> 16) & 0xff).pad(2, 16)

+ ((c >> 24) & 0xff).pad(2, 16);

m += (d & 0xff).pad(2, 16)

+ ((d >> 8) & 0xff).pad(2, 16)

+ ((d >> 16) & 0xff).pad(2, 16)

+ ((d >> 24) & 0xff).pad(2, 16);

return m;

};

})();

Number.prototype.pad = function(l, r, c) {

return (+this).toString(r || 10).pad(l, c || '0');

};

Number.prototype.rotl = function(n) {

n &= 0x1f;

return (this << n) | (this >>> (32 - n));

};

String.prototype.pad = function(l, c) {

var S = String(this),

n = Math.max(l - S.length, 0);

while(n--) {S = c + S;}

return S;

};

String.prototype.toUTF8 = function() {

var S = new String(this),

s = '',

c;

for(var i = 0, n = S.length; n > i; ++i) {

c = S.charCodeAt(i);

if(0x0080 > c) {

s += S.charAt(i);

} else if(0x0800 > c) {

s += String.fromCharCode(0xc0 | ((c >>> 6) & 0x1f),

0x80 | (c & 0x3f));

} else if((0xd800 > c) || (c > 0xdfff)) {

s += String.fromCharCode(0xe0 | ((c >>> 12) & 0x0f),

0x80 | ((c >>> 6) & 0x3f), 0x80 | (c & 0x3f));

} else {

c += 0x40;

s += String.fromCharCode(0xf0 | ((c >>> 8) & 0x07),

0x80 | ((c >>> 2) & 0x3f));

c = ((c & 0x03) << 10) | (S.charCodeAt(++i) & 0x3ff);

s += String.fromCharCode(0x80 | (c >>> 6),

0x80 | (c & 0x3f));

}

}

return s;

};

Powered by vBulletin® Version 4.2.2 Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.