Encrypted Password

[neo_philiac]

1) Script Title: Encrypted Password

2) Script URL (on DD): Encrypted Password :

<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive
//Visit http://www.dynamicdrive.com

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(usercode==134603040&&passcode==126906300)
//CHANGE THE NUMBERS ABOVE TO REFLECT YOUR USERNAME/PASSWORD
{
window.location=password+".htm"}
else{
alert("password/username combination wrong")}
}
</script>

<form name="password1">
<strong>Enter username: </strong>
<input type="text" name="username2" size="15">
<br>
<strong>Enter password: </strong>
<input type="password" name="password2" size="15">

<input type="button" value="Submit" onClick="submitentry()">
</form>

3) Describe problem: If you wanted to bypass this method (as mentioned in the "Encrypted Password Generator" script) , how would you do it. I am challenging the integrity of this code in order to enhance my own security. Please post your methods for bypassing this trick of making the password unviewable by just looking at the source.

My method:

View the List all the files in the web folder to look at the page named after password.

[please post yours]

Thanks

[Twey]

It's not exactly a perfect algorithm, and I suspect that someone with more knowledge in cryptography than I do would find it rather trivial to crack. It certainly gives away an approximation of the length of the password, which is why I rewrote it, to (amongst other things) be more flexible in the algorithms possible. I've used MD5 (thanks to Paul Andrew Jackson) in the example.