stackoom
  简体   繁体   中英

Simple XOR a message (Javascript/Tcl)?

 原文  2010-08-10 03:26:31       javascript/ tcl/ encryption-symmetric

Question

I need the username/password to be scrambled at the client-side before sending it over via HTTP GET/POST. And the server will decode it with Tcl, before the checks against database.

Currently I'm thinking about using JavaScript for the client-side. Java Applet will also do.

Is there any way, that I can easily achieve it, using Simple XOR or any other methods? (Examples would be much appreciated)

I've found the few samples in C/Python/.NET/Java... But not in JavaScript and Tcl.

SSL is not an option to use, sadly.

2 answers

solution1
 1 ACCPTED  2010-08-10 14:11:59

If ssl is not an option, then I suggest the following scheme, which many sites use instead of SSL:

  1. On the client side, combine the user name and password, then calculate a hash from it (MD5 is a popular choice).
  2. Send the user's name and hash over to the server
  3. On the server side, retrieve the password for that user from the database.
  4. From the user name and password, calculate the hash and compare it with the client's hash. If the two match, then the passwords match.
  5. For added security, add a little random text to the user+password mix. This random text, AKA the "salt", must be known on both the client and server sides.

Here is a suggestion on how to calculate the hash using MD5: 

package require md5

proc calculateHash {user password salt} {
    return md5:md5 -hex "$user:$salt:$password"
}

How to use it: 

set user "johnny"
set password "begood2mama"
set salt "myDog_is_meaner_than_yourDog"

set hash [calculateHash $user $password $salt]

solution2
 1  2010-09-10 03:30:18

superNobody,

You should consider alternatives to storing plain-text passwords in the database. See:

Instead of encoding the password in Javascript, then decoding the password in Tcl to compare with the database, you should consider SHA1 hashing in Javascript, and storing SHA1 hashed values in the database.

There are several available examples of a SHA1 hash function in javascript (just Google 'sha1 javascript'). The tcllib Tcl library has SHA1 support.

As HaiVu mentioned, you should also consider hashing / storing more than just a straight password hash, but instead use something like SHA1( username + websitename + password ). You can calculate this on the client in Javascript, and store it in the db.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Simple Perceptron In Javascript for XOR gate Why is this simple JavaScript XOR encryption algorithm not working? JavaScript : Simple perceptron predicting wrong for XOR gate c xor result is different than javascript xor XOR output is wrong in Javascript XOR cipher decryption in Javascript JavaScript - Bitwise XOR on strings? Javascript & PHP Xor equivalent Reverse XOR operator in JavaScript? Is there anyway to implement XOR in javascript
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM