Encrypt password ---- Fixed Problem

[vishal]

hello guys i have fixed some problems in Encrypt password script

here is the corrected script

First of all u need to make ur own password
click in this link and make ur own password
http://www.dynamicdrive.com/dynamicindex9/password.htm

And now use this code instead of that

Code:

<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive 
//Visit http://www.dynamicdrive.com 

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
if(usercode==<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive 
//Visit http://www.dynamicdrive.com 

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(usercode==1552379774400&&passcode==15415039530)
//CHANGE THE NUMBERS ABOVE TO REFLECT YOUR USERNAME/PASSWORD
{
window.location="http://change.hiya-host.com/vishal/flash clock.html"}
else{
alert("Username/password combination wrong")}
}
</script>

<form name="password1">
<strong>Enter username: </strong>
<input type="text" name="username2" size="15">
<br>
<strong>Enter password: </strong>
<input type="password" name="password2" size="15">

<input type="button" value="Submit" onClick="submitentry()">
</form><script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive 
//Visit http://www.dynamicdrive.com 

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
//CHANGE THE NUMBERS BELOW TO REFLECT YOUR USERNAME/PASSWORD
if(usercode==1552379774400&&passcode==15415039530)
//CHANGE THE NUMBERS ABOVE TO REFLECT YOUR USERNAME/PASSWORD
{
window.location="http://change.hiya-host.com/vishal/flash clock.html"}
else{
alert("Username/password combination wrong")}
}
</script>

and change the password and username numbes accordingly and enjoy

[Twey]

That is some seriously messed up code.
It defines submitentry() thrice.

[vishal]

which one this code or the previous one

actually i got the same prob with the code in present in the home page

[Twey]

Look at it. You've just pasted

<script>
//Encrypted Password script- By Rob Heslop
//Script featured on Dynamic Drive
//Visit http://www.dynamicdrive.com

function submitentry(){
password = document.password1.password2.value.toLowerCase()
username = document.password1.username2.value.toLowerCase()
passcode = 1
usercode = 1
for(i = 0; i < password.length; i++) {
passcode *= password.charCodeAt(i);
}
for(x = 0; x < username.length; x++) {
usercode *= username.charCodeAt(x);
}
if(usercode==<script>

three times. That won't even run.

[lionet]

Please note that this script is not secure.

It is cracked in 3-10 seconds using the following C program:

#include <stdio.h>

Code:

static unsigned char alphabet[]="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
static asize = sizeof(alphabet) - 1;

static int
crack_code_of_length(int code, unsigned char *buf, int cno, int pwlen) {
	int pcode;
	int i;

	for(buf[cno] = 0, pcode = 1, i = 0; i < cno; i++)
		pcode *= buf[i];
	if(pcode > code)
		return -1;
	if(pcode == code)
		printf("%s\n", buf);

	if(cno < pwlen) {
		int sym;
		for(sym = 0; sym < asize; sym++) {
			buf[cno] = alphabet[sym];
			if(crack_code_of_length(code, buf, cno + 1, pwlen))
				return 0;
		}
	}

	return 0;
}

#define	MAXPASSWORDLENGTH	7
int
main(int ac, char **av) {
	unsigned char buf[MAXPASSWORDLENGTH + 1];
	int code;

	int pwlen;
	if(ac != 2) {
		fprintf(stderr, "Usage: %s <code>\n", av[0]);
		return 1;
	}

	code = atoi(av[1]);
	for(pwlen = 1; pwlen <= MAXPASSWORDLENGTH; pwlen++)
		crack_code_of_length(code, buf, 0, pwlen);
	return 0;
}

[Twey]

Yes, the algorithm is rather insecure. I've noted this and modified the script to allow other algorithms (Paj's MD5 implementation by default) in my rewrite of the script.

Congratulations on cracking it, though Do you do a lot of crypto?

[mburt]

Those JavaScript passwords all have a mathematical formula though. It's not impossible (almost though... ) I've tried it before and have come pretty close.

941094 would be the hash for abc.

To decrypt it, you would first devide it by 99, then 98 then 97 and if the result is "1" you know you've solved it. The three numbers you devided it by are the letters.
97 = a
98 = b
99 = c
etc
which is the breakdown of charCodeAt

[Twey]

Of course they can be cracked. It should, however, be very difficult, and take a theoretically large amount of years -- thus the point in irreversible hashing algorithms such as MD5. Nothing can secure the webmaster against a bad password, though.

[mburt]

Yes MD5 is irreversible. I love math though, these things just thrill me

[mburt]

In the hash code though there is 26 to the power of the number of characters possibilities. So if the password was "hello" there would be 11881376 possiblities. So yes. It would take a while lol