Lamest "security" ever. « Steven Osborn

Hide threads | Keyboard Shortcuts

steve918 11:56 am on April 22, 2008 Reply
Tags: javascript, Security

Lamest "security" ever.

Normally I would abstain from pointing out security issues on other’s websites, but since this bit of code provides absolutely no security at all I can do so with a clear conscience. The bit of code below is from my former banks personal account login. I quickly changed banks after realizing how much they understand/care about security.

function encryptString(strPlain) {
  // Convert to lower case
  var strCipher;
  // Run the reflection cipher on each letter in the string
  var strCipher = "";
  for (i=0; i<strPlain.length; i++) {
    strCipher = strCipher + flipLetter(strPlain.charAt(i));
      }
  return strCipher;
}
function flipLetter(chrLetter) {
  // Executes a reflection cipher,
  // substituting one letter for its alphabetic inverse
  switch(chrLetter) {
    case "a": chrLetter = "z"; break;
    case "b": chrLetter = "y"; break;
    case "c": chrLetter = "x"; break;
    //etc, etc...
    case "X": chrLetter = "C"; break;
    case "Y": chrLetter = "B"; break;
    case "Z": chrLetter = "A"; break;
    default: chrLetter = chrLetter; break;
  }
  return chrLetter;
}

No, your eyes don’t deceive you. They really did think a letter-substitution cypher written in Javascript was ok.

Monsanto 8:45 am on April 28, 2008 Permalink | Reply

LOL…just what I needed this morning!

Reply Click here to cancel reply.

c: compose new post
j: next post/next comment
k: previous post/previous comment
r: reply
e: edit
o: show/hide comments
t: go to top
l: go to login
h: show/hide help
esc: cancel