Wednesday, June 03, 2009

Why Bother?

At work we use this system all the time. I noticed that the length of the text in the password field changed whenever I submitted the form.

Some investigation revealed this:


function getScrambledPassword(pwd) {
var cipher = ['k', 's', 'z', 'h', 'x', 'b', 'p', 'j', 'v', 'c', 'g', 'f', 'q', 'n', 't', 'm'];
var result="";
if (pwd == null)
pwd = "";
pwd = encodeURIComponent(pwd);
//alert("encoded password: " + pwd);
for(var i=0;i<pwd.length;i++) {
var cc = pwd.charCodeAt(i);
result += cipher[Math.floor(cc/16)] + cipher[cc%16];
}
//alert("scrambled password: " + result);
return result;
}
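The function above is nothing more than hex encoding with the digits 0-f renamed to sixteen letters, so anyone who can read the page's JavaScript can reverse it in a single pass. The following is an added example, not code from the original post or from the system it describes: it reimplements the mapping as scramble, adds the inverse unscramble (both names are my own), and checks the round trip. It also shows the length leak the post noticed: the output is always exactly twice the length of the URL-encoded password.

```javascript
// Added example: inverse of the "scrambled password" mapping shown in the post.
// The alphabet is the one published in the page's own JavaScript.
const CIPHER = ['k', 's', 'z', 'h', 'x', 'b', 'p', 'j', 'v', 'c', 'g', 'f', 'q', 'n', 't', 'm'];

// Same transformation as the page's getScrambledPassword, kept here so the
// round-trip check below is self-contained.
function scramble(pwd) {
  const encoded = encodeURIComponent(pwd == null ? '' : pwd);
  let result = '';
  for (let i = 0; i < encoded.length; i++) {
    const cc = encoded.charCodeAt(i);
    result += CIPHER[Math.floor(cc / 16)] + CIPHER[cc % 16];
  }
  return result;
}

// Inverse: every pair of letters is one byte (high nibble, low nibble) of the
// percent-encoded password, which decodeURIComponent then turns back into text.
function unscramble(scrambled) {
  if (scrambled.length % 2 !== 0) {
    throw new Error('scrambled text must have an even length');
  }
  let encoded = '';
  for (let i = 0; i < scrambled.length; i += 2) {
    const hi = CIPHER.indexOf(scrambled[i]);
    const lo = CIPHER.indexOf(scrambled[i + 1]);
    if (hi < 0 || lo < 0) {
      throw new Error('character outside the 16-letter alphabet');
    }
    encoded += String.fromCharCode(hi * 16 + lo);
  }
  return decodeURIComponent(encoded);
}

// Length of the URL-encoded password, recoverable from the output alone.
function leakedEncodedLength(scrambled) {
  return scrambled.length / 2;
}

// Constructed sample value, not a real credential.
console.log(scramble('abc'));                    // pspzph
console.log(unscramble(scramble('Pa$$w0rd')));   // Pa$$w0rd
```

The practical point for anyone reviewing a login form like this: a client-side encoding adds no confidentiality, because the scheme and its table ship to every browser. A password in transit is protected by TLS on the connection, not by a transformation of the field, and on the server it should be stored only as a salted, slow password hash.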

1 comment:

Anonymous said...

A long time ago I found a ColdFusion function that "encrypted" passwords, but you couldn't view the source of the function, because that would be a security risk. It took me (ME!) about 20 minutes to reverse the encryption using just my plaintext and the function results.

That was slightly more secure than this abomination.