
Full Encryption using javascript and PHP only

encrytion rsa rc4 php encryption javascript encryption tutorial library function library

  • This topic is locked
18 replies to this topic

#13 Sundance


Posted 11 February 2014 - 05:55 AM

What a belligerent response.

 

All Alexander was trying to do was help you.

 

A simple encrypted POST/GET method in PHP/JS is not going to hinder the NSA one bit if they have access to the servers in the US, and I do believe that is Alexander's point.

 

Not to mention I'm kind of curious as to the security of your own server: what happens if your server goes down? Do you have backups? Multiple servers spread across the globe? If not, why not? It's no good only having one line of defense against a horde of robots...


  • 0

Please read the

FaQ & Guidelines


#14 jerrywickey


Posted 11 February 2014 - 06:20 AM

What exactly was belligerent about my response?

 

My own servers are pretty vulnerable. I really don't have anything to hide and I don't make a lot of effort to hide them. If the NSA wanted the contents of my servers (I'm not saying they would, but if they did), they wouldn't even have to mess with hacking me. They'd just go directly to the hosting company.

 

The following is copied and pasted right from the test form on the page I posted.  http://jerrywickey.c...rrysLibrary.php

&testName=jerry&testPass=password&testComment=my comments on this matter

This message was encrypted before being sent. This is the encrypted message which the server received:

7)RI(K)S75(E(VR(0lc6)UQ(XoR(HX(y(fTt0(ee8(Mk(YYA(g(eEb)WJ(Rt)W(6(b(x)x(I(y(x(Ys2b)yl(d(h(P(h(am(E5(ihf(KRu(9f)RKT(d(JmFR(_)Sm6(b(DV(Y(-ju(aO)Uj)y(heZ)yJA(C(f(F)-

You aren't really telling us that you or the NSA could decrypt that? Are you? That is encrypted with a 1045 bit key. A key which did not pass between the client and server at any time.

 

The point is not to secure the servers. It is to make encryption valuable. Currently only important docs are encrypted. This means that the NSA or anyone else knows exactly which docs people want to keep secret. They might be able to decrypt some of them, but only because they can dedicate all their computing resources to those few docs.

 

Encrypt everything, then ANYONE wishing to spy must decrypt everything just to know what is important and what is not. 

 

This is the point and I want to encourage programmers to do this and I want to make it easier for them to do it. 

 

Don't you agree with this?


Edited by jerrywickey, 11 February 2014 - 06:23 AM.

  • 0

#15 Sundance


Posted 11 February 2014 - 06:38 AM

Actually yes...I will tell you just that and here's an article to back up my point


  • 0

Please read the

FaQ & Guidelines


#16 jerrywickey


Posted 11 February 2014 - 06:59 AM

So what you're saying is use my 

initCrypto( 2048)

instead of 

initCrypto ( 1024)

The article addressed sites using SSL. Most sites are not https. This greatly, exponentially reduces the computing effort required by the NSA to decrypt only those messages which are encrypted.

 

I am sure you agree, the world would be a better place if every piece of data going across the internet were encrypted including sites that do not use SSL. 


  • 0

#17 wim DC


Posted 11 February 2014 - 07:03 AM

I think this all got a bit out of hand. If I understand it right, all Alexander was trying to say is that for truly securing pages like this it's not enough to only use your script(s). Securing it would involve a combination of things and not only implementing the script to send data encrypted.

Alexander just said that by using your script, and not taking other measures you're still at risk because the data you receive in your browser doesn't come straight from the server over 1 cable into your computer. It goes from Server A to B to router C ... Arrives at your PC Z. And when in the chain F is hijacked, they could - theoretically - just edit the javascript files so for example 'encryptToServer( clientPlainText)' simply does nothing but carry on the plain text, rendering your script useless.

It's probably a good script for encrypting data and helps keep client/server communications secure. But the script alone won't be enough for a 100% secure communication.

Edited by wim DC, 11 February 2014 - 07:43 AM.

  • 2
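The in-path edit wim DC describes can be looked at from the defender's side. The sketch below is an added example, not code from jerrywickey's library or from any poster: it pins a digest of the script in the style of a Subresource Integrity attribute and shows that a pass-through version of `encryptToServer` no longer matches it. The script bodies, the `cipher()` placeholder and every function name other than `encryptToServer` are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample scripts. Only the name encryptToServer comes from the
// thread; cipher() is a hypothetical placeholder for the real encryption call.
const GENUINE_JS =
  'function encryptToServer(clientPlainText) { return cipher(clientPlainText); }';
const TAMPERED_JS =
  'function encryptToServer(clientPlainText) { return clientPlainText; }';

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Build an integrity token of the form "<alg>-<base64 digest>".
function sriToken(body, alg = 'sha384') {
  return alg + '-' + crypto.createHash(alg).update(body, 'utf8').digest('base64');
}

// Parse an integrity value (space-separated tokens) and keep only the
// tokens that use the strongest algorithm present.
function parseIntegrity(value) {
  const tokens = value.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})$/.exec(t))
    .filter(Boolean)
    .map((m) => ({ alg: m[1], digest: Buffer.from(m[2], 'base64') }));
  const best = Math.max(0, ...tokens.map((t) => STRENGTH[t.alg]));
  return tokens.filter((t) => STRENGTH[t.alg] === best);
}

// True only if the received bytes hash to one of the pinned digests.
function verifyScript(body, integrity) {
  const pinned = parseIntegrity(integrity);
  if (pinned.length === 0) return false; // fail closed when nothing is pinned
  return pinned.some((p) => {
    const actual = crypto.createHash(p.alg).update(body, 'utf8').digest();
    return actual.length === p.digest.length &&
      crypto.timingSafeEqual(actual, p.digest);
  });
}

// Digest computed from the known-good copy of the script.
const PINNED = sriToken(GENUINE_JS);

console.log('genuine script accepted :', verifyScript(GENUINE_JS, PINNED));
console.log('tampered script accepted:', verifyScript(TAMPERED_JS, PINNED));
```

The pinned digest only helps if it reaches the browser over a channel the in-path party cannot edit; delivered inside the same unauthenticated page, it can be rewritten along with the script.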

#18 jerrywickey


Posted 11 February 2014 - 07:11 AM

I think you are exactly right.  This got WAYYYY out of hand.

 

And Alexander is right.  If the NSA wants data, they are going to get data.  They have guns.

 

All I am trying to do is encourage programmers to encrypt everything.  And I am offering an easy to use function library to do that.

 

Using this library lets even pages that aren't SSL easily encrypt everything, every piece of data that is going back and forth over the internet.

 

If every piece of data on the internet is encrypted, the NSA or anyone else simply doesn't have the computing resources to even figure out which docs are important and what is not. At which point they have to admit their efforts aren't accomplishing anything and are not worth the tax dollars.

 

This is something we, you and I, the coding community, already know anyway. Let's all get aboard. Please.

 

Every competent programmer should offer his own encryption library so that less experienced programmers can quickly and easily catch up. Let's show the decision makers in Washington who really runs the world. It isn't the new Fed chairman, Dr. Yellen, nor is it VP Kerry. It is the people who make cell phones work and the people who allow stock buyers in Germany to buy from sellers in New York. It is computer programmers.


Edited by jerrywickey, 11 February 2014 - 07:18 AM.

  • 1

#19 Alexander

  • Moderator

Posted 11 February 2014 - 10:54 PM

I appreciate that there is value in the code, and that it performs a complete function that may be of use to someone looking to build upon it with other layers.

 

It is my opinion however that nothing more can constructively come out of this thread and so I am locking it for the time being.

 

Alexander.


  • 1

All new problems require investigation, and so if errors are problems, try to learn as much as you can and report back.





