Encryption

[driveflexfuel]

I am new to encryption and I am creating a program that works with paypal buttons. How secure is an encryption like this

<script>
//<!--
document.write(unescape("%59%6F%75%20%68%61%76%65%20%66%69%67%75%72%65%64%20%6F%75%74%20%6D%79%20%65%6E%63%72%79%70%74%69%6F%6E%0A%3C%69%6E%70%75%74%20%69%64%3D%22%69%6E%70%75%74%22%20%6E%61%6D%65%3D%22%69%6E%70%75%74%22%20%20"));
//-->
</script>

If this is not secure enough can you suggest another way.

 

[Livewire]

I am new to encryption and I am creating a program that works with paypal buttons. How secure is an encryption like this

<script>
//<!--
document.write(unescape("%59%6F%75%20%68%61%76%65%20%66%69%67%75%72%65%64%20%6F%75%74%20%6D%79%20%65%6E%63%72%79%70%74%69%6F%6E%0A%3C%69%6E%70%75%74%20%69%64%3D%22%69%6E%70%75%74%22%20%6E%61%6D%65%3D%22%69%6E%70%75%74%22%20%20"));
//-->
</script>

If this is not secure enough can you suggest another way.

That ain't secure at all -

You have figured out my encryption
<input id="input" name="input">

In all honesty I'm not sure what you're trying to encrypt, so I've no idea what the best way -to- encrypt it would be.

What I -can- tell you is this: all I had to do to decrypt this was copy and paste it into an html document on my own pc, and open it. Right-click, View Source, Voila - code is right there for viewing.

Don't rely on anything that "disables" right click either - most of them I'm aware of utilize javascript, which anyone with NoScript can disable on a site by site basis - they can still get to the source code to read encryption like this.



Hopefully someone'll come along who has a better idea of what to do to encrypt stuff, cause I've got zilch for ideas - I just know encoding it with %HexCode is barely even encrypting it since everyone with a browser has the capacity to decode it.



Edit: Realized one other thing; this is displaying it to the screen for the user to view in an unencoded format - the end-user is getting both the encrypted -and- the decrypted version in your example. Not a good idea, so hopefully I'm missing how it was supposed to be used :S

 

[driveflexfuel]

I need to encrypt the form inputs but i need to be able to access the values of the inputs with JS if anyone can think of a way i can do this I am offering 500 credits for the assistance

 

[taekwondokid42]

<?php

$code = "Encrypt Me!";
$password = "don't tell";
$code = sha1($code.password);

echo $code;

?>

What you get returned will be 40 digits long and in hexadecimal. It's plenty secure for most sites. Even if the person messes with the cookies, he will need the password to bypass your security.

 

[olliepop]

Md5.

 

[taekwondokid42]

do NOT use md5. It's been cracked so that a normal comp can create a working collision in only 1 hour.

 

[xav0989]

You could generate a hash, and link it with some info.
Let me explain:

You generate a hash, and in a database, you store the hash next to the other info (name, email, password, etc.) next, instead of showing the actual info, you show the hash. When they click on the button, they are redirected to a page which reads the code, match it to a record, and send to paypal the info, in the background.