PDA

View Full Version : Encrypt password ---- Fixed Problem



vishal
08-31-2005, 01:25 PM
hello guys i have fixed some problems in Encrypt password script

here is the corrected script

First of all u need to make ur own password
click in this link and make ur own password
http://www.dynamicdrive.com/dynamicindex9/password.htm

And now use this code instead of that

<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive
//Visit http://www.dynamicdrive.com

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
if(usercode==<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive
//Visit http://www.dynamicdrive.com

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(usercode==1552379774400&&passcode==15415039530)
//CHANGE THE NUMBERS ABOVE TO REFLECT YOUR USERNAME/PASSWORD
{
window.location="http://change.hiya-host.com/vishal/flash clock.html"}
else{
alert("Username/password combination wrong")}
}
</script>

<form name="password1">
<strong>Enter username: </strong>
<input type="text" name="username2" size="15">
<br>
<strong>Enter password: </strong>
<input type="password" name="password2" size="15">

<input type="button" value="Submit" onClick="submitentry()">
</form><script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive
//Visit http://www.dynamicdrive.com

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(usercode==1552379774400&&passcode==15415039530)
//CHANGE THE NUMBERS ABOVE TO REFLECT YOUR USERNAME/PASSWORD
{
window.location="http://change.hiya-host.com/vishal/flash clock.html"}
else{
alert("Username/password combination wrong")}
}
</script>

and change the password and username numbes accordingly and enjoy

Twey
08-31-2005, 01:56 PM
That is some seriously messed up code.
It defines submitentry() thrice.

vishal
09-03-2005, 02:56 PM
which one this code or the previous one

actually i got the same prob with the code in present in the home page

Twey
09-03-2005, 03:05 PM
Look at it. You've just pasted
<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive
//Visit http://www.dynamicdrive.com

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
if(usercode==<script>
three times. That won't even run.

lionet
10-05-2006, 12:09 AM
Please note that this script is not secure.

It is cracked in 3-10 seconds using the following C program:

#include <stdio.h>


static unsigned char alphabet[]="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
static asize = sizeof(alphabet) - 1;

static int
crack_code_of_length(int code, unsigned char *buf, int cno, int pwlen) {
int pcode;
int i;

for(buf[cno] = 0, pcode = 1, i = 0; i < cno; i++)
pcode *= buf[i];
if(pcode > code)
return -1;
if(pcode == code)
printf("%s\n", buf);

if(cno < pwlen) {
int sym;
for(sym = 0; sym < asize; sym++) {
buf[cno] = alphabet[sym];
if(crack_code_of_length(code, buf, cno + 1, pwlen))
return 0;
}
}

return 0;
}

#define MAXPASSWORDLENGTH 7
int
main(int ac, char **av) {
unsigned char buf[MAXPASSWORDLENGTH + 1];
int code;

int pwlen;
if(ac != 2) {
fprintf(stderr, "Usage: %s <code>\n", av[0]);
return 1;
}

code = atoi(av[1]);
for(pwlen = 1; pwlen <= MAXPASSWORDLENGTH; pwlen++)
crack_code_of_length(code, buf, 0, pwlen);
return 0;
}

Twey
10-05-2006, 07:36 PM
Yes, the algorithm is rather insecure. I've noted this and modified the script to allow other algorithms (Paj's MD5 implementation by default) in my rewrite of the script (http://www.twey.co.uk/?q=encpass).

Congratulations on cracking it, though :) Do you do a lot of crypto?

mburt
10-05-2006, 08:39 PM
Those JavaScript passwords all have a mathematical formula though. It's not impossible (almost though... :)) I've tried it before and have come pretty close.

941094 would be the hash for abc.

To decrypt it, you would first devide it by 99, then 98 then 97 and if the result is "1" you know you've solved it. The three numbers you devided it by are the letters.
97 = a
98 = b
99 = c
etc
which is the breakdown of charCodeAt

Twey
10-05-2006, 08:47 PM
Of course they can be cracked. It should, however, be very difficult, and take a theoretically large amount of years -- thus the point in irreversible hashing algorithms such as MD5. Nothing can secure the webmaster against a bad password, though.

mburt
10-05-2006, 08:50 PM
Yes MD5 is irreversible. I love math though, these things just thrill me :)

mburt
10-05-2006, 09:00 PM
In the hash code though there is 26 to the power of the number of characters possibilities. So if the password was "hello" there would be 11881376 possiblities. So yes. It would take a while lol

djr33
10-06-2006, 02:05 AM
Not all that long. It would certainly run in less than a day, I'd think. However, it would then take 26 days to do 6 characters, etc.
Additionally, passwords with just lowercase letters ARE easier to crack. Try uppercase, numbers and symbols. Even odd symbols, like those only available in extended character sets. That's like 256^chars. (256? more?)

mburt
10-06-2006, 11:42 AM
Yes, you're exactly right. If someone used upper and lowercase letters each one would have a different character code, which would take longer.