Encryption

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by driveflexfuel, Mar 5, 2009.

  1. driveflexfuel

    driveflexfuel New Member

    Messages:
    159
    Likes Received:
    0
    Trophy Points:
    0
    I am new to encryption and I am creating a program that works with paypal buttons. How secure is an encryption like this

    <script>
    //<!--
    document.write(unescape("%59%6F%75%20%68%61%76%65%20%66%69%67%75%72%65%64%20%6F%75%74%20%6D%79%20%65%6E%63%72%79%70%74%69%6F%6E%0A%3C%69%6E%70%75%74%20%69%64%3D%22%69%6E%70%75%74%22%20%6E%61%6D%65%3D%22%69%6E%70%75%74%22%20%20"));
    //-->
    </script>

    If this is not secure enough can you suggest another way.
     
  2. Livewire

    Livewire Abuse Compliance Officer Staff Member

    Messages:
    18,166
    Likes Received:
    215
    Trophy Points:
    63
    That ain't secure at all -

    Code:
    You have figured out my encryption
    <input id="input" name="input">
    In all honesty I'm not sure what you're trying to encrypt, so I've no idea what the best way -to- encrypt it would be.

    What I -can- tell you is this: all I had to do to decrypt this was copy and paste it into an html document on my own pc, and open it. Right-click, View Source, Voila - code is right there for viewing.

    Don't rely on anything that "disables" right click either - most of them I'm aware of utilize javascript, which anyone with NoScript can disable on a site by site basis - they can still get to the source code to read encryption like this.



    Hopefully someone'll come along who has a better idea of what to do to encrypt stuff, cause I've got zilch for ideas - I just know encoding it with %HexCode is barely even encrypting it since everyone with a browser has the capacity to decode it.



    Edit: Realized one other thing; this is displaying it to the screen for the user to view in an unencoded format - the end-user is getting both the encrypted -and- the decrypted version in your example. Not a good idea, so hopefully I'm missing how it was supposed to be used :S
     
    Last edited: Mar 5, 2009
  3. driveflexfuel

    driveflexfuel New Member

    Messages:
    159
    Likes Received:
    0
    Trophy Points:
    0
    I need to encrypt the form inputs but i need to be able to access the values of the inputs with JS if anyone can think of a way i can do this I am offering 500 credits for the assistance
     
    Last edited: Mar 5, 2009
  4. taekwondokid42

    taekwondokid42 New Member

    Messages:
    268
    Likes Received:
    0
    Trophy Points:
    0
    <?php

    $code = "Encrypt Me!";
    $password = "don't tell";
    $code = sha1($code.password);

    echo $code;

    ?>

    What you get returned will be 40 digits long and in hexadecimal. It's plenty secure for most sites. Even if the person messes with the cookies, he will need the password to bypass your security.
     
  5. olliepop

    olliepop Member

    Messages:
    138
    Likes Received:
    0
    Trophy Points:
    16
  6. taekwondokid42

    taekwondokid42 New Member

    Messages:
    268
    Likes Received:
    0
    Trophy Points:
    0
    do NOT use md5. It's been cracked so that a normal comp can create a working collision in only 1 hour.
     
  7. xav0989

    xav0989 Community Public Relation Community Support

    Messages:
    4,467
    Likes Received:
    95
    Trophy Points:
    0
    You could generate a hash, and link it with some info.
    Let me explain:

    You generate a hash, and in a database, you store the hash next to the other info (name, email, password, etc.) next, instead of showing the actual info, you show the hash. When they click on the button, they are redirected to a page which reads the code, match it to a record, and send to paypal the info, in the background.
     

Share This Page