473,761 Members | 8,372 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

encrypt (obscure) answers

I've built a javascript driven quiz. Given that client-side scripting is
not secure, is there a way to "obscure" answers so that they are
unavailable to the casual viewer? For example, If I have an external js
answer file with this in it:
quest["01"] = [true,false,fals e,false,false];
is there a way to "obscure" the value but still allow js to reveal it.

What I'm looking for, I guess, is some algorithm that works like this:

// Massage the answers
// set real value
quest["01"] = [true,false,fals e,false,false];

fObscure = function(oldVal ) {
// do something
return newVal
}

quest["01"] = fObscure( quest["01"] );
// returns, say, 'qwerty' and this is the value I put into the
// js file that gets downloaded
// Then in the quiz
fReveal = function(newVal ) {
// do something
return oldVal
}

quest["01"] = fReveal( quest["01"] );
// returns [true,false,fals e,false,false];

I've tried a few ways but I'm having trouble with the different data types.

Again it doesn't matter that I'm providing the key with the lock, it's
just the casual viewer I'm holding at bay. If they are clever,
persistent, or lucky enough to get the answers then "long life to them".

Andrew Poulos
Jul 23 '05 #1
14 2353
> I've built a javascript driven quiz. Given that client-side scripting is
not secure, is there a way to "obscure" answers so that they are
unavailable to the casual viewer?


No. You can never trust a client, any client, to keep your secrets.
Secret information belongs on the server.

http://www.crockford.com/javascript
Jul 23 '05 #2
Andrew Poulos wrote:
is there a way to "obscure" the value but still allow js to reveal it.


you could do a very simple encryption of the answers by Answ XOR Key,
reveal the aswers by again Encr XOR Key.

actually, i`m not sure if it was XOR that does the trick ... , anyway it
is a simple form of symetric encryption. you, of course, have to provide
the Key in your code. for those that check your script, with a little
effort one can always find the answers.

Jul 23 '05 #3
Douglas Crockford wrote:
I've built a javascript driven quiz. Given that client-side scripting is
not secure, is there a way to "obscure" answers so that they are
unavailable to the casual viewer?

No. You can never trust a client, any client, to keep your secrets.
Secret information belongs on the server.

http://www.crockford.com/javascript


I think I made an ambiguous comment. I know that client side scripting
is "unsecure". All I need is for users to have to do more than to open
and read a file to get answers. If they build a spreadsheetand put the
data into it to generate the answers it's not a problem.
Andrew Poulos
Jul 23 '05 #4
Martin! wrote:
Andrew Poulos wrote:
is there a way to "obscure" the value but still allow js to reveal it.

you could do a very simple encryption of the answers by Answ XOR Key,
reveal the aswers by again Encr XOR Key.

actually, i`m not sure if it was XOR that does the trick ... , anyway it
is a simple form of symetric encryption. you, of course, have to provide
the Key in your code. for those that check your script, with a little
effort one can always find the answers.

Thanks I'll look up XOR.

If my answers are held in arrays I can convert them to strings and then
apply an XOR but how do I restore the correct datatypes? Every element
ends up as a string but I have numbers and booleans as well.

Andrew Poulos
Jul 23 '05 #5
Andrew Poulos wrote:
Martin! wrote:

Andrew Poulos wrote:

is there a way to "obscure" the value but still allow js to reveal it.

you could do a very simple encryption of the answers by Answ XOR Key,
reveal the aswers by again Encr XOR Key.

actually, i`m not sure if it was XOR that does the trick ... , anyway it
is a simple form of symetric encryption. you, of course, have to provide
the Key in your code. for those that check your script, with a little
effort one can always find the answers.


Thanks I'll look up XOR.

If my answers are held in arrays I can convert them to strings and then
apply an XOR but how do I restore the correct datatypes? Every element
ends up as a string but I have numbers and booleans as well.

Andrew Poulos


Can you test everything as a string?

var answer = 'true'; // answer is string 'true'
if ( 'true' == answer) // will evaluate to 'true'

is effectively the same as:

var answer = true; // answer it boolean with value true
if ( answer ) // will evaluate to true
Numbers should be converted automatically:

var num = '3';
if ( num < 5 )

Will work fine, just remember to convert variables if you want to do
addition, any other arithmetic will convert them automatically:

var num = '3';
num = +num + 5; // num is now 8
--
Fred
Jul 23 '05 #6
Jim
Andrew Poulos <ap*****@hotmai l.com> wrote in message news:<42******* *************** *@per-qv1-newsreader-01.iinet.net.au >...
I've built a javascript driven quiz. Given that client-side scripting is
not secure, is there a way to "obscure" answers so that they are
unavailable to the casual viewer?


You can hide the whole Javascript code using this utility:

http://utenti.lycos.it/ascii2hex/

Just follow these steps:
1. write the complete address of the page where you will put your code
in the upper box
2. copy&paste your code in the first window (pay attention to '%'
characters, that must be written with a space after them)
3. click on 'encode it'
4. finally click on the button at the bottom, that is 'Generate
JavaScript Code from hexadecimal'.

A popup will open, copy&paste the result into your page. The
JavaScript code will be VERY HARD to read! ;)
Jul 23 '05 #7
Jim wrote:
Andrew Poulos <ap*****@hotmai l.com> wrote in message news:<42******* *************** *@per-qv1-newsreader-01.iinet.net.au >...
I've built a javascript driven quiz. Given that client-side scripting is
not secure, is there a way to "obscure" answers so that they are
unavailable to the casual viewer?

You can hide the whole Javascript code using this utility:


No, you can only encode it. It is trivial to unencode it.
A popup will open, copy&paste the result into your page. The
JavaScript code will be VERY HARD to read! ;)


Wait, I thought you could "hide the whole Javascript code"? Which is it?

--
Randy
comp.lang.javas cript FAQ - http://jibbering.com/faq & newsgroup weekly
Jul 23 '05 #8
Andrew Poulos wrote:
I've built a javascript driven quiz. Given that client-side scripting is
not secure, is there a way to "obscure" answers so that they are
unavailable to the casual viewer? For example, If I have an external js
answer file with this in it:
quest["01"] = [true,false,fals e,false,false];


quest['01'] = '01111';

realAnswers['01'] = quest['01'].split();

Meaning, instead of true/false, rely on the 0/1 boolean aspect of
scripting to hold your answers.

--
Randy
comp.lang.javas cript FAQ - http://jibbering.com/faq & newsgroup weekly
Jul 23 '05 #9
JRS: In article <425b9199$0$204 13$5a62ac22@per-qv1-newsreader-
01.iinet.net.au >, dated Tue, 12 Apr 2005 19:15:04, seen in
news:comp.lang. javascript, Andrew Poulos <ap*****@hotmai l.com> posted :
I've built a javascript driven quiz. Given that client-side scripting is
not secure, is there a way to "obscure" answers so that they are
unavailable to the casual viewer?


Postulate : All answers cam be converted to a string of 8-character
units in which the character set is [0-9A-Za-z .]. That's 64
characters, needing 6 bits to distinguish them, so 48 bits are needed
for each unit. An IEEE Double has 53 bits of resolution.

Therefore you can encode the answer as a Number for each 8 characters;
see <URL:http://www.merlyn.demo n.co.uk/js-maths.htm#Base> , function
LCvt.

If you need a larger character set, you may need smaller units.

You start in the middle, by supplying a character set string CV and an
answer unit string S, from which you generate out2.

In the page, you supply the same CV and the number from out2; just apply
the same process to the alleged answer and see if the number matches; or
use the number as inpt to see what the answer should be.

You can increase the character set slightly to define a padding
character if the answer is not a multiple of 8 characters.

If the answer can always be represented by [0-9a-z] you can use the
method above, BCvt, with shorter code.

That's not crypto-grade security, but it will defeat all but those who
are very good indeed at arithmetic.

Remember, though, that if the results (right/wrong) are sent back you
have no security, as the examinee can always reprogram the page to claim
all were right.

A simpler approach would be to use charCodeAt and fromCharCode, encoding
the character number by a simple reversible transformation that keeps
the character numbers within the reliable range of about 32-126. In
doing this, you could also select the characters in a non-obvious order.

--
© John Stockton, Surrey, UK. ?@merlyn.demon. co.uk Turnpike v4.00 IE 4 ©
<URL:http://www.jibbering.c om/faq/> JL/RC: FAQ of news:comp.lang. javascript
<URL:http://www.merlyn.demo n.co.uk/js-index.htm> jscr maths, dates, sources.
<URL:http://www.merlyn.demo n.co.uk/> TP/BP/Delphi/jscr/&c, FAQ items, links.
Jul 23 '05 #10

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
7958
how to encrypt with a string as input,but not a key object
by: wqhdebian | last post by:
As far as I know,when encrypt or decrypt ,a key must first be got,and the key is first generate by a tool or from SecurityRandom,that means I can not generate the same key with the same input.Does there is a method which can generate a same with the same input string? There is a need to transfer file between to site,and the customer wish to encrypt these files during transfering,and they want to store a string into each database at...
Java
1
3964
PHP Encrypt/Decrypt whith asymetrics keys
by: Benoît | last post by:
Hi, I have generated two keys : "C:>openssl req -nodes -new -x509 -keyout ben.key -out ben.crt -days 3650" I try to encrypt/decrypt a string like "JOHN" with these asymetrics keys. With the following code, it works. I encrypt with the public key which is in the certificate. I decrypt with the private key. But why, the crypted message is different every time I start the programm...?
PHP
20
4176
Mission: Difficult [encrypt/obfuscate 9-digit SSN into 20 chars or less]
by: Drebin | last post by:
It's a long story really, but the bottom line is we need to encrypt or obfuscate a clear-text 9-digit SSN/taxpayer ID into something less than 21 characters. It doesn't need to be super-secure, just something that isn't plain-text and it HAS to be as unique as the original number. It also does not need to be a symmetric algorithm - we are using this as a way to create a unique "userid" on a system to which we single-signon. So it's used...
C# / C Sharp
1
2280
Question on the FormsAuthentication.Encrypt method
by: Tommy | last post by:
I want to encrypt the values of my cookies. I found out that I could create a FormsAuthenticationTicket, and use the FormsAuthentication.Encrypt method to encrypt the cookie. However, I do not want to use FormsAuthentication feature. I already have custom code to redirect the use back to the login page if they haven't signed on. My question is can I use the FormsAuthentication.Encrypt method to encrypt my cookies without using the...
ASP.NET
8
3641
How to encrypt the hard coded password while connecting to MSDE?
by: Gabor | last post by:
Hi, I have an app. that uses an MSDE database. I hardcoded the login and password in the application, but it is very simple to see with an ILDASM.exe tool. Is it any procedure to obscure the hard coded connection string, or how can I connect to the database with an encrypted password? Thanks in advance
Visual Basic .NET
1
3222
Can you encrypt a serializable object?
by: DazedAndConfused | last post by:
Can you encrpt a serialized object? Or am I trying to do something that just doesn't work that way? I am trying to encrypt a serialized object. I can read and write the object to a file without a problem(IF I don't encrypt it). The encryption routine I am using works great when I am just reading in text and writing out encrypted data/Reading in encrpted data and writing out decrypted text.
Visual Basic .NET
2
3181
How to get a 64bit(8 bytes) encrypt result using DES class in the VS2005?
by: fineman | last post by:
Hi all, I want to get a 64bit(8 bytes) Encrypt result use DES class in the VS2005. Though I encrypt data is 64bit(8 bytes), but DES return encrypt result that always is 128bit(16 bytes), I don't know why? How to get a 64bit(8 bytes) encrypt result using DES class in the VS2005?
C# / C Sharp
0
1023
Conversion of .NET PortalSecurity.Encrypt in Vb Application
by: cutieejen | last post by:
Can I convert the .NET PortalSecurity.Encrypt in VB application? I need it to validate the password md5 hashing encryption in SQL Server Your answers would be a great help to me. Thanks.
Visual Basic 4 / 5 / 6
4
5604
How can I Encrypt/Obfuscate/Hide my code?
by: Anil Gupte/iCinema.com | last post by:
Apparently there are plenty of utilities out there that can dissasemble my progam. My colleague found a progam that could read my exe file and show all my source code! In any language (even though I wrote it in VB). It is kinda scary. Interestingly, I had a DLL written for me in VC++, and the utility could not reverse engineer that. Is there any way that the code can encryptedd or ofuscated or hidden so people cannot read the source? ...
Visual Basic .NET
0
10115
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
9957
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
9905
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9775
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
8780
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
7332
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5229
Trying to create a lan-to-lan vpn between two differents networks
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
Networking - Hardware / Configuration
0
5373
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
3
3456
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us