makepa3.htm Fravia explaining easy Javascript password encryption techniques

Fravia's javascript encryption methods
We will use an encryption called Vigenere. Although this kind of encryption technique has not got any chance against reversers, it will probably be more than enough to keep most lusers out.
The Vigenere cipher is easy to code and good enough to demonstrate that JavaScript can be used to encode and decode encrypted documents.
You will therefore be able to protect (somehow :-) your Web pages from unwelcome visitors, once you elaborate on it a little.

The code is not originally mine: it is available on many sites of the web (that's the reason I cannot offer a reference to its real Author, too many haven copycatted it), and I have -exactly like all other authors- only slightly modified the original one: I have made it case insensitive, have choosen an incredibly easy password (Hint: use "aaaaaaaaa" and see what happens :-) and have given you a "one to one" relationship.It's actually dead easy as you will see, I even prepared a special "debug" function for your experiments...

~ begin encrypted document ~ ~ end encrypted document ~

Your page may begin with an unencrypted header, followed by a section of script which contains five main elements:
1) a decryption function definition (try to follow the code); 2) a string -as long as you fancy- of encrypted text ("ciphertext"); 3) a few lines of code that prompt the user for a key; 4) a call to the decryption function using the ciphertext and key as parameters; 5) a write statement that outputs the string returned by the decryption function
The document ends with an unencrypted footer. However, you will not see the unencrypted text unless you enter the correct password. The "View Source" command won't help much, either, because the password is not contained in the source and the text is scrambled. Of course, you can encrypt your documents with nearly any encryption technique, as long as you are able to write the JavaScript code that decrypts it. To get you started, here is the basic scripting pattern you should use in JavaScript-decoded Web documents:



<script>







// Copy the ciphertext into a string variable:



text = "jdiownvuizsponmwe";







// Obtain a password from the user:



password = get_password ();







// Use the password to unscramble the text.



text = decode (text, password);







// Display the result in the document:



document . write (text);







</script>

With a correct password (used as key) decoded text will be written to the browser window. Otherwise, the output will look like one to one (with Uppercase and lowercase respected) garbage. If you are going to encrypt many pages of your site, you could store the decryption function in a separate JavaScript file that you can load automatically with each page by setting the src property of the <script> tag.

You are deep inside fravia's page of reverse engineering, choose your way out:

homepage

links

anonymity

+ORC

students' essays

tools

cocktails

search_forms

corporate

mailFraVia

Is reverse engineering legal?