[Date Prev][Date
Next][Thread Prev][Thread Next][Date
Index][Thread Index]
RE: Micro-PC
- To: <ukha_d@xxxxxxx>
- Subject: RE: Micro-PC
- From: "Graham Howe" <graham@xxxxxxx>
- Date: Thu, 2 Aug 2001 21:00:53 +0100
- Delivered-to: rich@xxxxxxx
- Delivered-to: mailing list ukha_d@xxxxxxx
- Mailing-list: list ukha_d@xxxxxxx; contact
ukha_d-owner@xxxxxxx
- Reply-to: ukha_d@xxxxxxx
Not sure how you could crack this one, the problem is that the result of
the
getPassword function is the link. Now we can assume that the link is likely
to end in ".html" but it could also end in ".hTmL" or
".hTm" etc etc. This
gives a rather large number of combinations and of course we don't even
know
the length of the password (filename).
I'm not a real JavaScript expert, but I can understand what is going on in
the script, that however does not make the password decipherable as far as
I
can see.
In case anyone is interested, the script is effectively taking the password
and by matching letter positions in the two strings "a" and
"b" it is
converting the password into an actual filename and extension. Trouble is
we
have no real way of knowing what the extension is or what the length of the
filename is, so it is very tricky to work backwards. This is a pretty safe
method of encryption, but the problem is that it can only allow a single
password (or at least a limited number) and it is embedded in the page and
indeed the structure of the site. So whilst it is reasonably secure, it is
a
pain in the butt if the password is ever compromised.
Regards
Graham
P.S. If Steve or anyone else does have a neat trick for deciphering this
then I would be very interested to hear it. I don't think there will be any
'serious' sites using this method but I would like to know how safe it
really is.
Home |
Main Index |
Thread Index
|