Re: XOR javascript implementation



On 20 Sep 2006 09:30:57 -0700, "mistral" <polychrom@xxxxxxxxxxxx>
wrote:

> Which encryption method provides most compact code? And encryption must
> use only browser supported strings, without special symbols not
> recognizable by web browser.

You need to think about your requirements. For the "most compact code"
RC4 is a good candidate - compact and easy to program. However it is
only secure enough to stop Aunt Edna looking at your source code;
against anyone with reasonable knowledge or resources RC4 is not
secure.

Most cyphers will not give you "only browser supported strings,
without special symbols." For that you need some sort of additive
Vigenere cypher as I suggested earlier. Alternatively you need to add
translation into and out of Base-64, yEnc or whatever. A modified
version of yEnc (http://www.yenc.org/) would probably give you less
cyphertext expansion than Base-64. Against that a Javascript Base-64
implementation is probably available off the shelf while I doubt that
yEnc is similarly available being newer.

You have three requirements:
- security
- compact code
- no special characters

You need to think about what order of priority these three have and
the interactions between them.

What level of security do you want? Do you want to stop Aunt Edna
reading your HTML source or do you want to stop Nasty Megacorp Inc
reverse engineering your HTML? NMI will be able to throw a lot more
resources at breaking the cypher than Aunt Edna. If you only want to
stop Aunt Edna then do you need to encrypt at all? Base-64 or yEnc
may stop Aunt Edna just as well as full encryption.

How important is compact code? Good security can be complex so
shorter code is likely to be less secure, as with RC4.

Special characters can be an add-on like yEnc or Base-64 which will
expand both the Javascript code and the cyphertext. If you want no
special characters built into your cypher then you are pretty much
forced to use Vigenere which will reduce your security level.

There is no perfect solution to your problem. You are going to have
to balance your requirements, and only you can do that.

rossum
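
The trade-off discussed above, as an added example that is not part of the original post: an additive Vigenere over the 95 printable ASCII characters yields printable cyphertext with no expansion, while XOR yields arbitrary bytes that need Base-64 and grow by about a third. The function names, key and sample plaintext are constructed for illustration, and the code assumes plaintext and key contain only printable ASCII.

```javascript
// Added example. Alphabet: printable ASCII, space (0x20) through '~' (0x7E).
const LO = 0x20, N = 95;

// Shift each character by the matching key character, modulo N.
// sign = +1 encrypts, sign = -1 decrypts.
function shift(text, key, sign) {
  if (key.length === 0) throw new Error("empty key");
  let out = "";
  for (let i = 0; i < text.length; i++) {
    const p = text.charCodeAt(i) - LO;
    const k = key.charCodeAt(i % key.length) - LO;
    if (p < 0 || p >= N || k < 0 || k >= N) {
      throw new RangeError("non-printable character at index " + i);
    }
    out += String.fromCharCode(LO + (p + sign * k + N) % N);
  }
  return out;
}
const vigEncrypt = (pt, key) => shift(pt, key, +1);
const vigDecrypt = (ct, key) => shift(ct, key, -1);

// Base-64 helper: btoa in browsers, Buffer as a fallback in older Node.
const b64 = typeof btoa === "function"
  ? btoa
  : (s) => Buffer.from(s, "latin1").toString("base64");

// For comparison: repeating-key XOR produces arbitrary byte values
// (including control characters), so it must be wrapped in Base-64.
function xorBase64(pt, key) {
  let raw = "";
  for (let i = 0; i < pt.length; i++) {
    raw += String.fromCharCode(pt.charCodeAt(i) ^ key.charCodeAt(i % key.length));
  }
  return b64(raw);
}

// Constructed sample input.
const samplePt = '<a href="page.html">Aunt Edna</a>';
const sampleKey = "k3y!";
const sampleCt = vigEncrypt(samplePt, sampleKey);
console.log("plaintext length :", samplePt.length);
console.log("Vigenere length  :", sampleCt.length, JSON.stringify(sampleCt));
console.log("XOR+Base-64 length:", xorBase64(samplePt, sampleKey).length);
```

Neither variant is strong encryption; the example only shows the character-set and size behaviour the post describes.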
