Crypto

The attached ZIP file contains Javascript and a Ruby module that can be used to encrypt data between a web-browser and a server. They use an algorithm called BlockTEA which is a symetrical encryption algorithm and which is realtively fast but strong.

I use them to encrypt form data in transit between the server and the browser and decrypt it at either end. This is useful if you're stuck with a hosting plan that doesn't include SSL.

Whilst its reasonably strong, it does suffer from a few weaknesses, the main one being that the encryption key is transmitted as plain text from the server to the client at some point. See my blog post for a longer discussion of these issues.

Click here to download the ZIP

Click here to browse the subversion repository .

4 Responses to “Crypto”

  1. Andy Says:

    Thanks! I needed a simple encryption algorithm today for some web stuff and this works perfectly :)

  2. Pete Says:

    I’m trying to figure out the lisence agreement to use this code. Is it GPL, BSD or something else? I would like to use one of the methods in this code, but I also would need to give credit and have license to use. So can you help me out?

  3. judge Says:

    Which function?

  4. Archange Says:

    Thanks, that is a very handy function. Just what I needed.

    However there is a small bug I think : when you encode in base64, one of the resulting character can be ‘+’ but transmitted over http and automatically decoded from an input in ruby and this character turns to ‘ ‘ (space) which obviously causes problem to decode.

    This is different than the commented part you left in the code, since this problem is after the encryption and not in the original text.

    Therefore the problem appears randomly. It depends on the original text.

    This problem appeared to me under Redmine with FF (not tested with IE but should be the same).

    Regards

Leave a Reply