The UK Home Automation Archive


RE: Micro-PC


  • To: <ukha_d@xxxxxxx>
  • Subject: RE: Micro-PC
  • From: "Graham Howe" <graham@xxxxxxx>
  • Date: Thu, 2 Aug 2001 21:00:53 +0100
  • Delivered-to: rich@xxxxxxx
  • Delivered-to: mailing list ukha_d@xxxxxxx
  • Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
  • Reply-to: ukha_d@xxxxxxx

Not sure how you could crack this one, the problem is that the result of the getPassword function is the link. Now we can assume that the link is likely to end in ".html" but it could also end in ".hTmL" or ".hTm" etc etc. This gives a rather large number of combinations and of course we don't even know the length of the password (filename).

I'm not a real JavaScript expert, but I can understand what is going on in the script, that however does not make the password decipherable as far as I can see.

In case anyone is interested, the script is effectively taking the password and by matching letter positions in the two strings "a" and "b" it is converting the password into an actual filename and extension. Trouble is we have no real way of knowing what the extension is or what the length of the filename is, so it is very tricky to work backwards. This is a pretty safe method of encryption, but the problem is that it can only allow a single password (or at least a limited number) and it is embedded in the page and indeed the structure of the site. So whilst it is reasonably secure, it is a pain in the butt if the password is ever compromised.

Regards

Graham

P.S. If Steve or anyone else does have a neat trick for deciphering this
then I would be very interested to hear it. I don't think there will be any
'serious' sites using this method but I would like to know how safe it
really is.
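
The position-matching substitution described in this message, as an added JavaScript example that is not part of the original post or of the script it discusses. The contents of `a` and `b`, the body given to `getPassword`, the helper names, the file name and the log line are all constructed assumptions, since the message shows none of them.

```javascript
// Constructed alphabets: the post names the strings "a" and "b" but not their contents.
const a = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
// b is a fixed permutation of a (7 is coprime to a.length = 65, so no collisions).
const b = Array.from(a, (_, i) => a[(i * 7 + 3) % a.length]).join("");

// Translate each character by its position in `from` to the same position in `to`.
function translate(text, from, to) {
  return Array.from(text, (ch) => {
    const i = from.indexOf(ch);
    return i === -1 ? ch : to[i]; // characters outside the alphabet pass through
  }).join("");
}

// Hypothetical body for the page's getPassword(): password -> file name.
function getPassword(password) {
  return translate(password, a, b);
}

// The same two tables read in the other direction: file name -> password.
function passwordFromLink(link) {
  const fileName = new URL(link).pathname.split("/").pop();
  return translate(fileName, b, a);
}

// Constructed sample: the site owner picks the hidden file name first and
// derives the password to hand out from it.
const hiddenFile = "Members.hTmL";
const password = translate(hiddenFile, b, a);

// Constructed access-log line of the kind a web server writes for every visit.
const logLine =
  '192.0.2.10 - - [02/Aug/2001:21:00:53 +0100] "GET /private/Members.hTmL HTTP/1.0" 200 5120';
const requestPath = logLine.match(/"GET (\S+) /)[1];

console.log("link built from password:", getPassword(password));
console.log(
  "password rebuilt from logged URL:",
  passwordFromLink("http://example.invalid" + requestPath) === password
);
```

Because the mapping is one-to-one, the file name and the password carry the same information, so every place the URL is recorded (server logs, browser history, proxies) holds the credential. Access control enforced by the server does not have that property.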


