Reputation: 57
Simple XOR a message (Javascript/Tcl)?
I need the username/password to be scrambled at the client-side before sending it over via HTTP GET/POST. And the server will decode it with Tcl, before the checks against database.
Currently I'm thinking about using JavaScript for the client-side. Java Applet will also do.
Is there any way, that I can easily achieve it, using Simple XOR or any other methods? (Examples would be much appreciated)
I've found the few samples in C/Python/.NET/Java... But not in JavaScript and Tcl.
SSL is not an option to use, sadly.
Upvotes: 0
Views: 727
Answers (2)
Reputation: 185
superNobody,
You should consider alternatives to storing plain-text passwords in the database. See:
Instead of encoding the password in Javascript, then decoding the password in Tcl to compare with the database, you should consider SHA1 hashing in Javascript, and storing SHA1 hashed values in the database.
There are several available examples of a SHA1 hash function in javascript (just Google 'sha1 javascript'). The tcllib Tcl library has SHA1 support.
As HaiVu mentioned, you should also consider hashing / storing more than just a straight password hash, but instead use something like SHA1( username + websitename + password ). You can calculate this on the client in Javascript, and store it in the db.
Upvotes: 1
Reputation: 40773
If ssl is not an option, then I suggest the following scheme, which many sites use instead of SSL:
- On the client side, combine the user name and password, then calculate a hash from it (MD5 is a popular choice).
- Send the user's name and hash over to the server
- On the server side, retrieve the password for that user from the database.
- From the user name and password, calculate the hash and compare it with the client's hash. If the two match, then the passwords match.
- For added security, add a little random text to the user+password mix. This random text, AKA the "salt", must be known on both the client and server sides.
Here is a suggestion on how to calculate the hash using MD5:
package require md5
proc calculateHash {user password salt} {
return md5:md5 -hex "$user:$salt:$password"
}
How to use it:
set user "johnny"
set password "begood2mama"
set salt "myDog_is_meaner_than_yourDog"
set hash [calculateHash $user $password $salt]
Upvotes: 1
Related Questions
- Reverse XOR operator in JavaScript?
- Help me with XOR encryption
- XOR with crypto's randomBytes
- Why is this simple JavaScript XOR encryption algorithm not working?
- Simply XOR encrypt in Javascript and Decrypt in Java
- XOR encryption with c++
- Swift Simple XOR Encryption
- String XOR encryption fails with some keys
- JavaScript - Bitwise XOR on strings?
- C# Converting a XOR crypt function