On 22/06/2012, at 5:54 PM, Mark Brown wrote:
> I know trying to secure anything on the client-side is a no-no.
>
> function crypt(text, key) {
> var result = "";
> for(var i=0, ii=text.length; i<ii; ++i) {
> result += String.fromCharCode(key^text.charCodeAt(i));
> }
> return result;
> }
>
> crypt('{ data: "yep" }', 6) => "}&bgrg<&$ cv$&{"
> crypt("}&bgrg<&$ cv$&{", 6) => { data: "yep" }
>
> Can anyone help with a Ruby equivalent? to decrypt that string?
> Or does anyone have other examples of client-side encryption and decryption
> in Ruby?
That code doesn't do encryption - it's just a byte-wise xor mask.
The Ruby equivalent is trivial.
In regard to encryption on the client side, the client should be regarded
as an untrusted third party. It must prove its authenticity in *every*
transaction,
by a signature applied over the entire message content. The signature may
be constructed using a shared secret or by use of a private key.
Clifford Heath.
--
You received this message because you are subscribed to the Google Groups "Ruby
or Rails Oceania" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rails-oceania?hl=en.
