Below is script that I obtained from www.JavaScript.com several weeks back that utilizes a simple XOR hash algorithm to encrypt text. In THEORY, you can incorporate the framework utilized in this example to devise a scheme for "securely" validating a password on the client.
In REALITY, I would suggest that nothing you do entirely on the client side can be truly secure. There are any number of ways a sophisticated user can bypass whatever scheme you devise. If your "security" aim is to protect certain things from the casual hacker, however, you could probably safely come up with something. Just make sure the people that need to know are fully aware of such client-side limitations. Jack -----Original Message----- From: Jonah [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 29, 2001 2:32 PM To: Dynapi-Help Subject: [Dynapi-Help] theoretical javascript question Would it be possible, in theory, to securely validate a password client side? Obviously, simple string matching would not work because the client could view the source to find the correct password. But I have this vague notion (my upper level math skills are very rusty): Parsing the password up into characters perhaps, converting the chars to numbers, and then passing the numbers into the variables of a set of non-linear equations that must be solved simulataneously (in javascript, a set of functions that must return true simultaneously). I have no idea how you could generate the necessary difficult-to-solve set of equations given a particular password, but am curious to know if such an approach is viable even in theory. Anyone have any ideas? Thanks, Jonah _______________________________________________ Dynapi-Help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dynapi-help _______________________________________________ Dynapi-Help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dynapi-help
