jim.shamlin.com

JavaScript Encryption

This is a simple widget I knocked out for using single-key encryption on the client side. It works by using a "key" to encrypt/encode the original passage and provide a cypher that can be translated back to the original text by using the same key.

ENCRYPT
Input:
Key:
Cypher:
   
DECRYPT
Cypher:
Key:
Output:

If you're curious about the code that drives this, here's a link to view it.


Application

I've put the encryption function to practical use in some instances to provide lightweight data security for data transmitted via e-mail or to servers that lack the ability to establish a "proper" secure channel via HTTPS, or to provide an extra layer of security to information stored in a database.

As a result, there have been a handful of "experts" over the years who have been acutely obnoxious in declaring this technique to be "weak" and "fragile." I'll concede that it's lightweight and there are better "industry standard" solutions for data encryption ... but at the same time, none of the critics have ever been able to demonstrate their ability to break it.

So as a result, I am not dissuaded from using it in situations where more industrial-strength methods of encryption are not available or feasible, on the principle that, while this "trick" may not be industrial-strength, it's "good enough" for most uses, and certainly better than nothing at all.
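
For comparison with the widget's Input/Key/Cypher round trip, this added example (not the widget's code, which this page does not show) does the same single-key encrypt and decrypt with the "industry standard" primitives in Node.js's built-in crypto module: scrypt to turn the key into an AES key, and AES-256-GCM so that a wrong key or an altered cypher is detected. The function names, byte layout and sample strings are choices made for this example.

```javascript
// Added example: passphrase-based authenticated encryption (Node.js built-ins only).
const nodeCrypto = require('node:crypto');

const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16; // layout chosen for this example

// Input + Key -> Cypher (base64 text, safe to paste into an e-mail)
function encryptText(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(SALT_LEN); // fresh per message
  const iv = nodeCrypto.randomBytes(IV_LEN);     // GCM nonce, never reused with a key
  const key = nodeCrypto.scryptSync(passphrase, salt, 32); // slow KDF resists key guessing
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();               // integrity check value
  // Cypher layout: salt | iv | tag | ciphertext
  return Buffer.concat([salt, iv, tag, body]).toString('base64');
}

// Cypher + Key -> Output; throws if the key is wrong or the cypher was modified
function decryptText(cypher, passphrase) {
  const raw = Buffer.from(cypher, 'base64');
  if (raw.length < SALT_LEN + IV_LEN + TAG_LEN) throw new Error('cypher too short');
  const salt = raw.subarray(0, SALT_LEN);
  const iv = raw.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = raw.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const body = raw.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const key = nodeCrypto.scryptSync(passphrase, salt, 32);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  // final() verifies the tag before any output is trusted
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Convenience wrapper: returns null instead of throwing on a bad key or altered cypher
function tryDecrypt(cypher, passphrase) {
  try {
    return decryptText(cypher, passphrase);
  } catch (err) {
    return null;
  }
}

// Constructed sample values, not taken from the page
const sampleCypher = encryptText('constructed sample message', 'correct horse');
console.log(sampleCypher);
console.log(tryDecrypt(sampleCypher, 'correct horse')); // original text
console.log(tryDecrypt(sampleCypher, 'wrong key'));     // null
```

Because the salt and nonce are random, encrypting the same input with the same key twice yields different cyphers.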


A Challenge

I've been crabbed at a dozen times or more about how weak and vulnerable this trick allegedly is, and yet no-one has demonstrated the ability to crack it in nearly twenty years ... so here's a challenge to anyone who wants to give it a shot. (And unless/until you can beat it, your opinions about "security" aren't worth that much to me.)

Enter your e-mail address below to be sent a message containing some encrypted code, and you can give it a whirl. If you can break the cypher, I'll gladly eat crow (honestly, I'd like to see if someone actually can do it).

E-mail:

To keep things honest and fair, I'll send you one of several cyphers at random and log the e-mail address, IP address, and time.

At one time, I offered a bounty for the challenge (on a more popular site), of a gift certificate for the first person who could crack it within a week, but then I got deluged with spam from people trying to guess the answer and saw a lot of activity on my server of lame attempts to hack their way around the task, so I don't do that anymore.