What data is encoded?
in [Cryptography]
|
From: mistral on 3 Oct 2006 09:35 Tom St Denis пиÑ?ал(а): > mistral wrote: > > some people consider that encoding of javascript code on html page is > > very weak, easily crackable, and unreliable. May be. Nevertheless, what > > data is encoded below, and what enctyption method used? > > It appears that you use MD5 to hash the password and then RC4 to > decrypt the data. > > Assuming the password wasn't trivial why would you assume we could > break this? > > BTW, if you use RC4 to encrypt the message you don't have to obfuscate > your code since the secrecy lies in the key not the code. > > And your code is horrible btw ... > > Tom --------------- Its not my code. Its just page sample, encrypted with HTML Password Lock software. As it you can see, its strong enough, so can no break password easily. here is full page: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <!--Protected by HTML Password Lock, MTop Software Inc.--><!-- saved from url=(0014)about:internet --><HTML><HEAD> <SCRIPT language=javascript>window.onerror=null;</SCRIPT> <SCRIPT language=JavaScript> var tab="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";function HHHHH(DDDDD,msg1){var NNNII=new Array('suQvIsGK47/GwKz2wvvz0rtyOyABl2UrTkHN1Cu7PT0oY1SPIkvh4V7/LNSnymZkQJTfMCdn0P7ATyHos9TvOrxNhjkNNlGZBYqk2fQwnnb1WPxoPbXje763i5E+4Es9F/AcfqV23LTrw786KXAd3KIEIRcMT1S6oLCGjRXX0dcvvq12myw+Kw3SkAHncNKDzf91WV6s2K4yUpOJ+d1m+tSHKH51neRQOjld9qZ3NLBNU/LBQUTA6lSY0OYh/RO8ZtVAfhPDcA+8hltHO59p6U7MBLvQDR7H0dhKqndBJxsyDTVQJXImt4NAzmwgGSf1tHz/hhJyBqE7kuzuKPB8wB','xbEk0w1DdGoK57w4Yn44uOb5nGjJleA9IZiTjLNtJany+4kGyA8r2UP/vsWzDmM0d5ieMyNnu/eTIbTnWJz6323ZyyBOJZzG49vju+g12m55SL18WuiyeDuuzIBxvEc8bXUKfDHr7nCr73I7dLxO6OoBVVqadw3ooqTa2InTppN7hjRh1n16bJSDk8EkR17Q4ConGZu+DCLjZ8uZ3AnngU2Sei8/GSgJemBd6qZ3B/QZOyPQFhWMVsiHM3O0zF6/Dp1U3wpYZ967W5cEUhMutxcTECaED5+EjlVHg3tX2IrywGwEfCczic9Dp+AlYiZspGDjksdnTPAp+6nhOPR4nA','dCS2nhAXB6ofwq1rBS9iKvf7wunSP+EocY3QmOY4ADyyz4GEyA8rq8L3xJTnGvM0eEGNYnpz5fbAIbzlcARijDzKpyxeBcXSrYa1wPwytGdrUrGwbqDyA3Mkv0Bjqxp9AayV3igrUyE6i2oraGFd2zMVIdqYG1S9ofWOosQIx4Y8jvRlln0+LJzDkMQxcNLEubM3ItNwlbtjZkrK+5T19cGSOidmgvgdZfVYzGYjnizZNyOUVhnU2lCAhfMzwQesX8RHqRvBNoeoLYadA0o6zF+ZECaEDJPUmcRSl+IQbgp1zTUXLX4g/97a9rkxGW7mpGDjksdnTPAu9vDyaa1s5A','smEnpwVGTD5Uaq1rdepzE+KqiX2Zl+EocY3QmOY4ADy18EjF5otv9M/72hRnGvM0eEGNYnp06K/TcOXxC0zojDzKpyxeBsmCuRvj2TxmU77/Kfk6bqDyA3Mkv0BjqBYtFj2AyrFs5aG6i2orGGgaqr4GGMvfWFS45/TagQyCyFcvsmEinrUvNQXSlNx2fA7H5b8kUJ4ooOZ3Zc9bp4zpypSCATt/li1ZbDFd6fq2HfFNPKPTXYmT0cjZ0uIgwk8mX8RApELSZ968Vs4XA0o6zF+ZECaEDJPUmcRSl+IQ4d9hjXXQePY0CMdF8aQiBDu316jz6cskR2Bpy33hULQrlA','/q1xKJCXB6ofwq1rdepzE+KqiX2Zl+EocY3QmOY4AzD2/h2GoENumx42bJTnGvM0eEGNYnp06K/TcOXxC0zojDzKpyxZCJzB/9Pitu2r5T5/Kfk6bqDyA3Mkv0BjqBYtFj2AyrFs5aG6iGp/E2kM5KIAIR/Nf1ip+aTa2UGR9F8o+nhlj+QvNM3HmMwneV7GnGo+fs7r2aN4c5uKMEHm8lCRp3p1yCFfdXRQ/6p1ZDReR6qTTZDElk3G9jsjugvvRB1T99KVW9f74E6XA0o6zF+ZECaEDJPUmcRSl+IQbgpywGwEfCc09J8X9bFgJv/zpKWx+5JgRfhu93XiZPhr7A','EPElisFXvvcKwiC4QbNgIud4vCCNpyR5O9TBkOooPyGmuBzV/JNr+cOsLBzga34nQVDNLCNi//eTJG32y9m6tSmarDlPBo1Yror2zaUh5T5/Kfk6bqDyA3Mkv0BjqBYtFj2AyrFsJLgjiyZuKGFB3uYEIRcMJdi7uLCC3JnS9Fst26Vl0v1+mA3D+8h1ZlLEu3pkUgu6IzvjZkrK+5T19cGSOidmgfRNcmRN2P9kKKxZNyOUVhnT5tmH9jsi/pa5JMwRm9PHZxOvZRcDd8Y6VcYAiHcABJvFnRFD42INSV9jjHQfafZ0T0ND8SgyGGs0kT33ostzWGV87mj1GSRrlA','2X0lzgwHOLcMifUreGPqincyyf2Zj7w4ZtWQSrMrFO31ShmA8Zep1A+vXJT6PaYlN1GNLyNgzTbTC+2hcES5s63fp+FNNhzG2gb2VDy4fW/7IfEranXjd/M5mBVy5A42A+zAAWR/4jC5im/5XTxJ6z8BNU/NDpWpgCWdqAGR/pd8wK1zgSV+ANSD68Bmf4LD/X8kUV4v3C4yQVvZ/Anl4RREdzI3tS0OGDVZ038jD/FIN+rAWUGUG0kZkXN3ZlK8Qp1DjF+Db9Kpc98CIBJ6gZfZEiOVKULGypwS2upQbodhiXkVN390xBZQ8awjBvvhrW2w0l9gPzQ+jfyxcnR/tB','uah1lYBQOicM+7QsBiJjaO7pkqSKxHFvTQTX6y4pP62gi0CeWRp64Fa8bJTnGvM0eEGNYnp06K/TcOXxC0zojDzNmyUZs0VSror2zaUh5T5/Kfk6bqDyA3Mkv0BjqBYtFj2AurgrlCypsntrJjhLzGtVdVqfDlC+5/TaC9mR01d8N6lwlvDtGMXQocHkSNbD2C9yE8LrnbdzWVfZsMy1+EiDI7J2wXxK/bFeleawLH1ZgaMUVhnU2lCAhfMzwQesX8RApELSZ968Vs4XA0o6zFOBwPNcWxPQpYHXr2JQ8t+pwiWXLX4gicdEpClxaqb3m/H26c82c2E79j3hWnR4kA','ymwvB4mOg7Jfwyh7eL90Gud4vCCNlGS5LZXMp7MoOyy1IRGG5cs54JPtJs32EXNzc9HKeaNnuLPDT/jiQBSogbVTPrnGRUXSttfm2v1hN2tsPSh61/3nA/73ixlwmBYwMWiRhaFsqPiurvMrE2kNoDtEHkuKFsC9w3WOrQCCXh+lFqXhnnUvKEnS5EQrWt7GpPI4TEq6Xm5wYdvJ+pEnwJyGCitylWEfavxKqHZjWSFKDjLUGEDCzQjAqbtzugP8Xc1UsdfVbx8hm5YTQoemeQedUGMBTNZR0YHX0GIEf5Nyu2hWSfY0yAsAgjktiPtn7GS5ppp2W2g8tynyaGg+9B', 'kLExltxSD6oN1PB6VP80GyLvgXWJq3B5ZRiXkO54AH2m1p2GhZpv3E/8F5ikHWNzRcyeW2Mzm2fDC+myEJX736yNm6VZdg3DkRvjtqli7q44FHQpV7m1cLMwxAjpqBYtFj2AyrFs5aG6i2oraGFd2zMVIdqfFg2u86zOooTT+BcpjjE3/yg5JdSDkUEmcN7Q4e/xbMbulj7yOlLWxMHlztGPHXJ3zuhZZvEfwG9kJ31KC7bTXtHFw8mRgetzuUY/HdFQpwpYZ968Vs4XA0o6zF+ZECaEDJPUmcRSl+IQbgpywGwEy/YnkENFxuAlGGt39T3zwR5zTb364mGy3fR/sB','xb0w7pkQBKZcyT0sSGdgKvvt+PCKrvBoflzDpHN/CPSsat0MdQI64dOsYcHgE/bmTRyZYf/ltLfPT7DhMFzoXmnZs/0dBQCD5NPnxiVm7q44MiApPrziPG439BgjpZ+0j6gYijFs/fyqnDJrujROz+JVmIeKFoB9xPWJ6Yyf4NMtweRl2yQqCQXD68xmBoOG13s2WVbppmJ3EsbKYg1sbZAWMi93hSFcBuRQ/6p1ZLRCIvLUnczH3cGDhPbh9Fq4b8hUsNeAf0a7JkcQcscp9U7ZXn+SG8uUtYwS7OZAbANm1fkDdGanxoNA4jl1pXun7GS4lVJyS+ktnKHmYi0rwB','93U20o1HcyoDUzjqPe4pJ7+7nuWL1jgocEiCifdqdLCxr8SV0E9o/kepGBjjSnM0c5iZcyNgnC/XeOHhORH5t2SKkX1PFtDDpQqx8ewmlvZuFmgvFayxCONjgs1wkQ9qZfWQsb0v/nip2PpsVOhaqPsEHkuKbQHtszjRcYyCx4Y8jvRlln0+LJzDkMQ2fYvX6OojWZv6lbtkJdqN4E3mpd2CBTp1yqwNf+3UQWr8aCReRq6HbwiUlAmWkqtzlYesR5lQsxqStYuvQh9XuhcvzNJKJH+XPVZFpVkDs7MTvF9h1LVEBGanxoNA9fG7GW7mpGDjksdnTPAu9vDyaa1s5A','wqQ2nhAXB6ofwqVyRbdnM/axtOjLg/ktcshCobdtFOXzg82S8h4q4l+oeQHgErKnOlSd1eJizLaTC+GjPp3owKGa06RPNZjGjRbn6Dwh5PstOOhoGiD3Y/MknhVxtgc4YrGEkjFs7niumjM/HOFZ0LNSHZOYZcW+i6DZwlWRlBZ7s3l2r2R5X1zX64y8fYvX6OojWZv6lbtjZkrK+5T19cGSOidmgfRNcWQZoXd3IH0NWC/XFY2fclCAhfMzwQesX8RApELSZ968Vs4XA0o6zF+ZECaDTwuVoVlG1TJXUgM1duyEfCc0hJZQ9rkxGW7mpGDjksdnTPAu9vDyaa1slA','gTRxhckEV7YP/bB4PrIzHmszEOgB12EoP9TGj754VLy16xmF5kI6MgOveEWno64heMxeViNn2WpCTHigLx3rXmnZs/Uefs2C149n+nQhU77/Kfk6bqDyA3Mkv0BjqBYtFj2AyrFs5aG6i2oraGlA/iYEHcaHJFC+3LyAzRnTxIp/hWQiq/AtFYWE4wQiBsNd6OojWZv6lbtjZkrK+5T19cGSOidmgfRNcmRN2/8wU6QICLKBVtTH6YmU8X8zWJ41x5XEr8KVfAevBtIDJd9ruNucGC6VCEbF7URPsLcBIhJp1b1Et/IngwdTa+QiULv0o3D+tZJ2AGgpceHmSfxsUA','aqQ2nhAXB6ofwq1rdepzE+KqiX2Zl+EocY3QmOY4APDwx9WVNE8o7oe8vsH0DucvuVnLEvNz66uDcuzlHtnvhH1Z5TlOEUWWP9/l8j03wSc/Uv1oW3HyT+50y8R3/ks9OyjS/+B/2Hypyq5vKOEZm7tWP4OOHgG71b2P+tTCks58jPF0s6wsf8SDwUx2fQbEof8yEsO61TtjYV/Y5AHy/oSAKzZ1lWxKAaBdo/MnIzweCq6HbwCTqZiRumImugvvHFALDELSZ968Vs4XA0o6zF+ZECaEDJPUmcRSl+IQbgp1g/xDZ/4n1IpAyaQiUjamqel6C1L/DHAuuKnkfvUssA','yqwnmsUGcyoC5fh6OfJoBjPqQqiKkHAr7NDD0TMqByyo1BGEvYJ9Z0eoTMXnrHO0eEGNYnp06K/TcOXxC0zojDzKpyxe
From: Tom St Denis on 3 Oct 2006 09:42 mistral wrote: > Its not my code. Its just page sample, encrypted with HTML Password > Lock software. As it you can see, its strong enough, so can no break > password easily. So the user has to enter a password. Big deal. You don't need to write shitty looking jscript to accomplish that. That is, trying to hide that you used RC4/MD5 doesn't make it more secure. Ok it's not your code, hmm why are you posting this? Suppose it is something private and what not. Why would I try to break it and give you the text? Tom
From: TC on 3 Oct 2006 09:45 mistral wrote: > Code protection based on encoding of script and decrypting in browser > with another script ('public' function) is intended for protection from > robots(software) and for non tech users. But if /that/ is your aim, then, the level of obfscation and complexity, in your code, is completely unnecessary. You could protect it from robots and non-technical users, by vastly simpler methods, such as, expressing it in "hex ascii" form (61=A, 62=B etc.). All of the extra obfuscation and complexity, gains nothing; it just increases the chances of programming errors. TC (MVP MSAccess) http://tc2.atspace.com
From: mistral on 3 Oct 2006 09:53 Tom St Denis пиÑ?ал(а): > mistral wrote: > > Its not my code. Its just page sample, encrypted with HTML Password > > Lock software. As it you can see, its strong enough, so can no break > > password easily. > > So the user has to enter a password. Big deal. You don't need to > write shitty looking jscript to accomplish that. That is, trying to > hide that you used RC4/MD5 doesn't make it more secure. > > Ok it's not your code, hmm why are you posting this? Suppose it is > something private and what not. Why would I try to break it and give > you the text? > > Tom ------------ its old page, encrypted with "HTML Password Lock", nothing private there. Just clear sample that simple encryption software can provide a good protection. As you can see, its not so easy to break even this small page. m.
From: TC on 3 Oct 2006 10:21
mistral wrote: > its old page, encrypted with "HTML Password Lock", nothing private > there. Just clear sample that simple encryption software can provide a > good protection. As you can see, its not so easy to break even this > small page. So to me you say the purpose is: (1) "protection from robots (software) and for [from?] non tech users", but to Tom you say the purpose is: (2) to show that "simple encryption software can provide a good protection". If the purpose is (1), then, the code is hopelessly over-complicated. If the purpose is (2), then, no-one disagrees with that! (Of course you can write strong encryption in javascript.) Bye :-) TC (MVP MSAccess) http://tc2.atspace.com |