Menu
i’ve put alot of work into building my website/forums board, well the other day this person that was visiting my site started lifting my code to use on his site,
so i tried running my website through a source encrypter but for some reason it never turns out… so i’m having to pick select sections of the code to encrypt… is there a better way to stop people frow stealing source code?
[b]Encrypt-A-Script[/b][/quote]This is actually weaker than the usual insecure JavaScript, and is extremely easy to restore to its original form. :
[i]Originally posted by Baby Jai [/i]
[B]1) Create your site in frames, and use a navagtional bar where it doesnt say the name of the mainframe or any other sites, so this way if they go to read the source its only the left or top frame. [/B][/QUOTE]
[i]Baby Jai[/i]A half hour, especially when much of that time was wasted just trying to figure out what it was you wanted him to retrieve, is [b]not[/b] considered high security by any means.
[b]You see how long it took you wtih my help to get the source? This is why this person should do this[/b][/quote]
[b]And what you are seeing is wrong Jeff. There is usernames that work great, its embedded in the web page and that is why you cannot se it. Try to put in a name and it will tell you invalid login. If need be i can give you a username and you can see what im talking about.[/b][/quote]ummm, you did read my post right?
[b]you may like to know that the usernames and passwords are indeed secure. The script you use actually uses MD5, which is a secure hashing algorithm.[/b][/quote]
[b]Also, I have visited your member login page. Unless I am missing something, a correctly entered username or password will do nothing. No redirections, not even an alert message. How you go about attacking this part of the problem is also an integral part of the security.[/b]
[/QUOTE]
[b]but my teacher at college uncrypted it within 5 minutes. Not going to say how, but he did[/b][/quote]I'm actually extremely curious how now. I went through the JS code again and discovered that the encryption algorithm they're using is RC4, which is a secure stream cipher. For the key to the encryption they use the base64 encoding of the MD5 hash of the correct password. It could have used some improvements here or there, but is ultimately secure. It certainly would take more than spacing or deleting some text. So unless you showed your teacher a page protected from a different program, or maybe even a different version, there really should be no way for him to have decrypted it.
[b]he did, i reallyu dont want to go into detail so you could break the code[/b][/quote]I'm not even sure you understand the world impact if this is true. RC4 is considered secure and thus is still in current use. It is the encryption algorithm used in the Cellular Digital Packet Data. In other words, it's what keeps people from easdropping on cell phone conversations. In addition to many other commercial products. If your teacher can break it in 5 minutes.... If you still have access to this teacher would be able to get some information on his break? Yes/No information would suffice if you don't want to reveal the process.
[b]its very hard to uncrypt so my point before about it being secure is legit then?[/b][/quote]If all the previous information regarding your teacher is correct then no, actually, it's not secure. You could call it difficult to get into, but not secure. It's even possible that whatever your teacher did, someone has also done then posted to the internet a program to perform the break automatically. Which means people won't need to break it themselves. They need only to use a search engine.
[b]just becuase he can break it doesnt mean its not secure[/b][/quote]It does, actually. In cryptography an algorithm is considered secure if it cannot be broken with available resources, either current or future (no matter who the person is).
[b]See the thing is this, whether he can or cannot, you cannot so therefore it is secure, correct?[/b][/quote]No. Consider the analogy of an actual lock. It is secure if and only if it cannot be bypassed (i.e., you must have the correct key). But you are saying your teacher can bypass that lock without the key. Thus that locks fails the definition of being secure.
[b]This guy writes Java for a a living. He builds webpages from notepad.[/b][/quote]Not meaning to criticize your teacher but a very large number of people do also program in Java. And nearly every professional Web developer, including a great many on this forum and myself, write their pages in notepad. These aren't exactly astounding qualifications.
[b]javbascript in cell phones?[/b][/quote]No, RC4 in cell phones. ? An algorithm is simply a step-by-step procedure. Computers can be instructed to perform that procedure in just about any programming language. The HTML Password Lock contains a JavaScript implementation of the RC4 algorithm. Cell phones contain an implementation probably in C or directly in hardware.
[b]I'm sure he would tell you how to break the code, but then now you have access to my site.[/b][/quote]Your personal Web site is the least of the concern. But I also never said you had to describe the process, only yes/no questions. The obvious ones are...
0.1.9 — BETA 5.20