Secure HTML?
Results 1 to 6 of 6

Thread: Secure HTML?

  1. #1
    BS, EnCE, ACE, Cellebrite 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,229

    Secure HTML?

    Is anyone familiar with "Secure HTML?"

    http://www.buildwebsite4u.com/tools/secure-html.shtml

    It takes any HTML file and creates new "secure" HTML file that is encrypted and asks for a password when you try to open it. If you enter the correct password, you'll see the original document, otherwise you'll see the blank window or a few meaningless characters.

    The browser caches the encrypted version of the file, the original version exists only on your screen. Therefore, this method of creating password protected web pages is safer than many others.

    And wondering what, exactly, they mean by:

    The main purpose is creating password protected Web pages for your home or office computer. However, you can place them on any Web server to make them available to somebody else. Just keep in mind that encryption algorithm is simple and ensures only "home" security.
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    see another example bellow (attached html zipped)

    Translation guide (html page is in portuguese)

    "senha" means "password"

    "abrir" means "open"

    page is protected by a password --> eduardo

    write password on field and hit "abrir"

    you will see the result. Its a scrambled java script....
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    The main purpose is creating password protected Web pages for your home or office computer. However, you can place them on any Web server to make them available to somebody else. Just keep in mind that encryption algorithm is simple and ensures only "home" security.
    I've never heard of this... but don't think I'd even give it a chance... they ruined any chance of that. But at least they are honest and don't give a false sense of security.

    So, how can they call it "secure"?
    If it is not "secure" enough for business use, why woule one use it for home use?
    Why not just use SSL?

    I wonder what they consider "home" security...

    Then again... I didn't RTFA... I'm going back to do that now.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    On the screenshot, it looks as though they have
    • an Input textfield
    • an Output textfield
    • and a password textfield


    I assume what that means if you download the "encrypted" HTML, label what you want the output HTML file to be, enter your password, and you can read this secret webpage.

    I'm thinking, wouldn't it suck if you have some index.html with several hundred internal links to other pages? or does this password work for all internal "encrypted" HTML pages? Doesn't seem like it - but its possible.

    I still wouldn't trust it, and like phisphreak80 said, why not just use SSL?

    On another note, why would one need this? Even for "home" security purposes, I've yet to find this useful.
    ...This Space For Rent.

    -[WebCarnage]

  5. #5
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    And you guys haven't taken the time to play with it? There's a free web-based demo that lets you encrypt a page online without installing anything

    I took it out for a quick spin (~20 mins), and then looked at what is under the hood. The code is a complete mess of global variables and very unhelpful variable and function names. Not only that, but keeping track of each variable as the program works to decrypt something is tough, because there is not one, but two containers that are unlabled storing something, and the rest of the variables sort of dynamically change during the decryption process. The code is so knotted into itself that it literally rapes the leniancy of JavaScript syntax to the limit. It is a complete mess to figure out.

    And I must say that so far, it is the best "encrypted HTML" design/implementation I've seen so far. Just looking at the decryption engine gives me headaches trying to sort out what the hell happens. It is a complete mess, and one of the best messes I've seen so far. Props to the people who made this.

    Of course, after you can make sense of what is happening, breaking the algorithm isn't too much of a problem, although good thing for them the didn't implement any error checking (there is one case it error checks, but it doesn't normally happen at all). But for the addicts that saw the appropriate thread, think of it sort of like what I did to reverse engineer lepricaun's challenge and generate more passwords that worked...I just haven't got that far with this algorithm (no comments / description of variables/funcions) and I don't intend on spending my time doing so.

  6. #6
    Junior Member
    Join Date
    Aug 2004
    Posts
    13
    Originally posted here by cacosapo
    see another example bellow (attached html zipped)

    Translation guide (html page is in portuguese)

    "senha" means "password"

    "abrir" means "open"

    page is protected by a password --> eduardo

    write password on field and hit "abrir"

    you will see the result. Its a scrambled java script....
    Yes and because it is Javascript any browsers that have Javascript disabled will not be able to use this page. If you want a secure page then I recommend you learn a server side language like PHP and also learn Mysql and create password protected pages that way instead of putting the protected information right in the document itself.

    Also I think they mean that it is only good for home security because most home computer users who just get on the internet to check email, use instant messenger things like that wouldn't know how to get passed that Javascript.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •