Is JavaScript encryption still secure ?

In summary, JavaScrypt is an encryption program released in 2005 that uses 256bit encryption. However, this method of encryption is not as strong as more commonly-used methods such as AES256. Additionally, storing passwords in an encrypted form using JavaScrypt is not recommended, as it is not as secure as more commonly-used methods.
  • #1
B0b-A
155
32
JavaScrypt is an encryption program [ 256AES ?] released in 2005 ...

http://www.fourmilab.ch/javascrypt/javascrypt.html

Is this still a secure method of encryption ? ,
an example of an encrypted messages is below, [ the key is a 64 character hexadecimal number ]

##### Encrypted: decrypt with www.fourmilab.ch/javascrypt/javascrypt.html
?HX?98173c79973dccf051f1820b34726b6d9309124671568aa911bdef6e4b56
541e115a49f22a113e5eea288546f761e8350aead00d3efbe1ff45a37d011f25
5c3108214f785801a833bac2eb456af324c957741c2d99180ac5e1d1e1febaf1
bded?H
##### End encrypted message

A bruteforce crack allegedly would take trillions of centuries ... https://www.grc.com/haystack.htm
 
Last edited:
Technology news on Phys.org
  • #2
The short, and probably not what you want, answer: Yes but it depends.

Important points:
1. Security is NOT encryption. Encryption is a small part of overall security. Security is very multi-faceted, and depends on lots of layers to be effective.
2. Do not confuse time to decrypt with anything more than a means to scare off the script kiddie attacks. Time to decrypt simply forces some wannabe hacker to go on to another site, for example.
3. If you expect encryption alone to deter a well-funded government agency from most countries, think again.

Plus:
The site you link to about bruteforce attack, explains the other depends. If you have an 8 byte, diverse character-space password the straight bruteforce attack duration is determined by the number of characters. 16 bytes takes longer to bruteforce. The idea behind the website - make your password secure enough so the bad guys will go away, and choose some very easily hackable system.Before you entrust your life's savings to some encryption based security scheme go to Bruce Schnier's site. He has a bunch of articles.

http://www.schneier.com/about.html

IT Management, usually non-technical folks, ask questions like this all the time. So you asked a good question, keep working on it.
 
Last edited:
  • #3
jim mcnamara said:
3. If you expect encryption alone to deter a well-funded government agency from most countries, think again.

Plus:
The site you link to about bruteforce attack, explains the other depends. If you have an 8 byte, diverse character-space password the straight bruteforce attack duration is determined by the number of characters.


I was looking for a method to store encrypted passwords in away that could be decrypted on any computer OS, (Windows/Linux/Mac), and JavaScrypt seemed to offer that, provided it had an internet browser with JavaScript. The encryption need only be sufficient enough to prevent criminal element from helping themselves to my bank account, rather than defeat the FBI.

Online banking uses 256bit encryption , so on the face of it JavaScrypt (AES256) appears to be as least as strong for the same key length.

BTW the key for the encrypted message in the first post is the hexadecimal number (not “text”) below … 1BF5427B1DEB40557B05276D27CC801DD9C500D87441C8B7DF159575D2D851D0
 
Last edited:
  • #4
Basic misunderstand is going on here. "Encrypted passwords" are never unencrypted. They are encrypted with one-way encryption the first time the password is entered, then the encrypted form is stored. This is so that people cannot just break into the password database and steal your password. (It's actually more complex than that, as passwords get "salted" as well as encrypted--Google it).

To use an encrypted password, you need to have the same one-way encryption algorithm, encrypt the received password (which should have come to you via an already-secure transmission medium), and then retrieve the encrypted STORED password and compared the just-encrypted recently-entered password.

I have no idea whether JavaScrypt software does a good job of this or not, but was concerned about the phrase "in a way that could be decrypted" because it indicates a basic misunderstanding of how encrypted passwords need to be handled.
 
  • #5
If you're storing passwords, use something like bcrypt.

Using JavaScript (the language) for encryption is generally frowned upon in the security community (though there is some argument on this point). Browsers are generally insecure and it's too easy to modify code that is run on the client.

What exactly do you hope to accomplish, and what is your threat model?
 
Last edited:

1. Is JavaScript encryption still secure?

The answer to this question is not a simple yes or no. It depends on the specific encryption algorithm being used and how it is implemented. Generally, JavaScript encryption can be secure if it is done correctly, but it is important to stay informed about any vulnerabilities that may arise.

2. How does JavaScript encryption work?

JavaScript encryption uses algorithms to convert plain text into a coded or scrambled form, making it unreadable to anyone without the key to decrypt it. This process is commonly used to secure sensitive data transmitted over the internet or stored on a computer.

3. What are the potential risks of using JavaScript encryption?

The main risk of using JavaScript encryption is that it can be vulnerable to attacks if not implemented correctly. Additionally, there is always a risk of security breaches, as with any form of encryption. It is important to regularly review and update encryption methods to stay ahead of potential risks.

4. Are there any alternatives to JavaScript encryption?

Yes, there are other encryption methods that do not rely on JavaScript. For example, server-side encryption or using a dedicated encryption tool can also provide secure data transmission. However, JavaScript encryption is still widely used and can be effective when implemented properly.

5. How can I ensure the security of JavaScript encryption?

To ensure the security of JavaScript encryption, it is important to use a strong encryption algorithm and keep it up to date. Regularly testing and auditing the encryption methods used can also help identify and address any potential vulnerabilities. Additionally, following secure coding practices and keeping sensitive data protected can help maintain the security of JavaScript encryption.

Similar threads

How Secure is a Text Encryption Program Created with Visual Basic?
    • Programming and Computer Science
Replies
2
Views
2K
Unbreakable encyrption
    • General Discussion
Replies
9
Views
3K

Hot Threads

Recent Insights

Back
Top