While cruising on one of my favorite haunts, alt.html, I found an advertisement for a WONDERFUL service that would encrypt your HTML pages and keep them free from prying eyes.  The Javascript dependency is thrown in for FREE, even though it wouldn't too too hard to remove that "issue."

 

Suspecting something slightly less than advertised, I had to wander over and go look.  Bored and curious, I stayed and decided to wander around their site even further.

 

First, allow me to present our guest for this evening,  Encryption Services.

Please, take a few moments to get to know our guest and make them feel suitable welcomed.

Then, wander over to the How it works and marvel at the secrets of Ascii to Hex conversions. If you'd like, copy the secret-encrypted message and change all of the '%' to ':' then visit a quick to Our friendly Hex-to-Ascii True, the hex-to-ascii site doesn't handle line feeds, but that hardly keeps us from seeing the secret password.

In our next WTF, the order page gives us the next WTF. $49.97. Need I say more?

Finally, for those of you who enjoy going into the world of WTF's, please continue as we get into the actual code of the deal. I'll short-cut you to the Member's Only page where you can click cancel to skip the password. Here, we take a quick look at some of the actual code used.

function hexfromdec(num) {
	if (num > 65535) { return ("err!") }
	first = Math.round(num/4096 - .5);
	temp1 = num - first * 4096;
	second = Math.round(temp1/256 -.5);
	temp2 = temp1 - second * 256;
	third = Math.round(temp2/16 - .5);
	fourth = temp2 - third * 16;
	return (""+getletter(third)+getletter(fourth));
}

function getletter(num) {
	if (num < 10) {
		return num;
	}
	else {
	    if (num == 10) { return "A" }
	    if (num == 11) { return "B" }
	    if (num == 12) { return "C" }
	    if (num == 13) { return "D" }
	    if (num == 14) { return "E" }
	    if (num == 15) { return "F" }
	}
}

Compare that to these functions for converting hex and dec.

  function d2h(d) {return d.toString(16);}
  function h2d(h) {return parseInt(h,16);} 

Then finally, our last WTF of the night.

// Courtesy of SimplytheBest.net (http://simplythebest.net/info/dhtml_scripts.html)

Though I do suppose that begins to explain a lot.

 

For the non-javascript, not-html people, let me explain simply.  You can't protect your HTML pages. You can't protect your images.  You can slow down some people a tiny, tiny bit -- and cause problems for everyone else.

The WTF is that they should have used base-64 instead of hex to save space?  I don't get it. 

 I'm particularly fond of this line:

if(pass=="Th!s!sMyPa$$W0rD" && pass!=null)

 

morbiuswilters:

The WTF is that they should have used base-64 instead of hex to save space?

Pfft.  Base64 is for wimps.  You guys should check out my new system, which I call Base256.  It's way better, because it has a bigger number.

bstorer:

Pfft.  Base64 is for wimps.  You guys should check out my new system, which I call Base256.  It's way better, because it has a bigger number.

 

Nerdy No-It-All!  NoBody Needs Numbers Bigger Than 8!

CodeSimian:

bstorer:

Pfft.  Base64 is for wimps.  You guys should check out my new system, which I call Base256.  It's way better, because it has a bigger number.

 

Nerdy No-It-All!  NoBody Needs Numbers Bigger Than 8!

What are you talking about? 2, 5, and 6 are all smaller than 8!

Lawl this is great.

trwtf is why they didn't bother to use the "encryption" on their own site. 

r3jjs:

First, allow me to present our guest for this evening,  Encryption Services.

 

should be "Encryption Serivces"

Always fun to see someone trying to "protect" things using Javascript like this. document.write(unescape("protected" string here)). Yawn.

If you want some more fun, test phpCodeLock. Download the free trial.  It's far worse than this.

Besides encrypting it really, really poorly, it introduces *several* critical vulnerabilities to every file you encrypt with it... 

The ONLY requirement is the user must be using a browser that supports Javascript.

This program...

• works with all browsers!

OMG this is so bad I want to cry!

I want to stab someone for this :/

Oh yeah, and I forgot ...

 For added security, you can feed the 'Finished product' (sic) into the 'Your Encryption Site Code Encryptor' (sic, again) numerous times. Oh, wait.... 

Simply put theperson who thought this would be a good idea for a company is also a good argument for pro choice.

galgorah:

Simply put theperson who thought this would be a good idea for a company is also a good argument for pro choice.

Well, let's be fair, somebody who would pay for this is obviously stupid.  Although I don't think it's likely, the company could just be exploiting the stupidity of their customers to make money which makes them awesome. 

I agree that this is a WTF, but it's extremely old news. I came across this exact method of "encrypting" sites back in the '90s (and almost fell for it). So, it's not front page material, really.

You'd think that people paying for this crap would be too stupid to reproduce... Alas, there seems to be no real IQ threshold on reproduction....;-)

ArieLex:

Alas, there seems to be no real IQ threshold on reproduction

Actually.. those with lower IQs tend to reproduce more. Maybe it's to counter the Darwin effect.

AbbydonKrafts:

Actually.. those with lower IQs tend to reproduce more.

That's because birth control takes intelligence to use.

 

AbbydonKrafts:

Maybe it's to counter the Darwin effect.

Intelligence above a certain level confers far fewer evolutionary advantages than one might think.  However, I think we are moving past the point where biological evolution matters -- ideas are now more important than biogoo.

AbbydonKrafts:

Actually.. those with lower IQs tend to reproduce more. Maybe it's to counter the Darwin effect.

 

(Shamelessly introducing Mr. Swamp again in this thread )
There isn't any proof that SS has reproduced, has he? According to the 'know less, spawn more' theory..... Argh, I don't want to think about that....

As you can see, it is hard to see. Yes, it can be cracked. Will it be easy? Heck NO! In fact, for the person who can crack this, they would probably have little if any need for your code, as they are probably already using some sort of encription on their site to protect it already, have access to most everything they already need, and would not need what you have to offer or have something even better already.

Will there be those that try to crack your code? Maybe. There are always those out there that need a new challenge. But for the other 99% of the Internet users, they will have no idea what your code is. In fact, you don't have to encrypt a whole page, you can do like I often do and encrypt only the major key parts of code you don't want copied.

For the most part, you will be helping to keep most of the honest people honest. Just like this site, no doubt there will be those that share the password with others, and those who do crack the code I use to make it work. However, it is enough to keep most honest a bit longer. It's kinda like spam. I know Spam happens. It will always happen, regardless, but I do some of the things I need to to keep most of it away.

I hope this site was started by a kid. It's ridiculously childish.

AbbydonKrafts:

ArieLex:

Alas, there seems to be no real IQ threshold on reproduction

Actually.. those with lower IQs tend to reproduce more. Maybe it's to counter the Darwin effect.

 

And thus the plot of Idiocracy. If you guys haven't seen this movie yet, you're in for a treat. 

Back on topic: wow, that's mind-bogglingly terrible. It's not encryption at all!

JamesKilton:

And thus the plot of Idiocracy. If you guys haven't seen this movie yet, you're in for a treat.

Thanks for reminding me. I meant to put that in the Blockbuster queue, but I forgot to.

AbbydonKrafts:

ArieLex:

Alas, there seems to be no real IQ threshold on reproduction

Actually.. those with lower IQs tend to reproduce more. Maybe it's to counter the Darwin effect.

 

 

Its not counter Darwnistic, its just another gene survival strategy.  Sometimes the strategy is having fewer offspring so resources are focused to offer them the best advantages.  Othertimes, its to pop out as many as possible and hope at least a few don't get themselves killed before they reproduce.  The latter is better when you don't even have the resources to give any real advantage to even one child.   

Genetic evolution is pretty much moot for humans at this point, but social evolution has replaced it at an exponential pace. 

the site:

As you can see, it is hard to see. Yes, it can be cracked. Will it be easy? Heck NO! In fact, for the person who can crack this, they would probably have little if any need for your code, ...

...because anyone who bothers with this junk has nothing worth protecting. The quality of the site's content is inversely proportional to gimmicks like this...

BeenThere:

Othertimes, its to pop out as many as possible and hope at least a few don't get themselves killed before they reproduce.

This is what I mean by the Darwin Effect! So far everyone has been talking about genetic evolution. That isn't called the "Darwin Effect". When that particular phrase is used, more than likely it indicates people who do things that have a high probability for injury or death. Take the Darwin Awards for example. Are they called that because they are awarded to supreme examples of humanity? No.. quite the opposite. Here's an example for the "Darwin Effect" phrase: Flybar Does its Part to Support the Darwin Effect.

In summary: Darwin Effect is culling the herd through unnatural selection -- not enhancing it through natural selection.

 Me too [:)] What if pass == null ?