Is it possible to make the webpage code secure?
Is it possible to make the code of webpage secure so that no one can read it without for example a key?
I tried this, ...
http://www.dynamicdrive.com/dynamicindex9/encrypter.htm
... but it's not secure enough.
Are there ways?
Vladdy
07-11-2003, 02:19 PM
no
Then I think internet banking is a risk!!!
micjohnson
07-11-2003, 07:25 PM
It cannot be done with html and javascript...... but, it is my understanding that php and other server-side languages "hide" the code
AdamBrill
07-11-2003, 07:29 PM
Actually, it is not true that it cannot be done with JavaScript. Many people say this, mostly because it is not practical to do it, but it can be done. Server-side is really the way to go, but I am working on a JavaScript encryption that should be hard to break. We will see, I guess. ;)
Jeff Mott
07-12-2003, 12:11 AM
"Is it possible to make the code of webpage secure so that no one can read it without for example a key?"
If you intend this to be a means to hide your source code, meaning the encrypted content would have to automatically decrypt itself without user input then no. But you speak of requiring the user to input a key, so yes, it can be done.
"I am working on a JavaScript encryption that should be hard to break"
Far more can be done with what would appear to be garbage data than many seem to realize. Unless you have studied long and hard in cryptography, discrete mathematics, and number theory, the likelihood of you producing a secure algorithm is essentially 0 (no offense). And seems like quite a waste to take the time to develop an insecure algorithm when so many secure ones already exist. But if you wish to build it and test it anyway, you can ask for input at sci.crypt (FYI, make sure you read their posting guideline FAQ or you will probably end up getting flamed like you never thought possible :) ).
The current best choice for symmetric algorithm is Rijndael (chosen as the Advanced Encryption Standard). The dominant, or maybe the only, implementation I could find in JavaScript is here (http://www.cs.ucsd.edu/~fritz/rijndael.html).
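Added example, not part of the thread or any poster's code: the user-supplied-key case described above, done with standard primitives through the browser's Web Crypto API (PBKDF2 to turn the typed passphrase into a key, AES-GCM to encrypt) rather than a home-made cipher. The function names, the iteration count and the sample content are assumptions made for the illustration.

```javascript
// Added example: passphrase-protected page content with standard primitives
// (PBKDF2-SHA-256 key derivation + AES-256-GCM) via the Web Crypto API.
const PBKDF2_ITERATIONS = 600000; // assumed work factor; tune for your clients

async function getCrypto() {
  // Browsers and recent Node expose Web Crypto globally; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

async function deriveKey(c, passphrase, salt) {
  const material = await c.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: PBKDF2_ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Run once by the publisher; the returned object is what the page ships.
async function protectContent(passphrase, html) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh for every encryption
  const key = await deriveKey(c, passphrase, salt);
  const ciphertext = new Uint8Array(await c.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(html)));
  return { salt, iv, ciphertext };
}

// Run in the visitor's browser with the key they type in.
// Returns the plaintext, or null when the passphrase is wrong or the data was altered.
async function revealContent(passphrase, { salt, iv, ciphertext }) {
  const c = await getCrypto();
  const key = await deriveKey(c, passphrase, salt);
  try {
    const plain = await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext);
    return new TextDecoder().decode(plain);
  } catch {
    return null; // GCM authentication tag did not verify
  }
}
```

This keeps the content from anyone who lacks the passphrase; once `revealContent` returns, the plaintext sits in the browser of whoever typed it, so it does not hide anything from a legitimate key holder.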
AdamBrill
07-12-2003, 09:35 AM
Jeff - I know that it probably won't be truly secure, but it should be good enough that it would be impractical to break it. ;) I'm using chaos encryption, so hopefully it will be ok. :) BTW, what is sci.crypt? What is the address?
Jeff Mott
07-12-2003, 05:42 PM
"I know that it probably won't be truly secure"
If you're doing this for your own education purposes, that's fine. But in a real application why spend the time and effort to build an insecure algorithm when a truly secure one already exists and is free to use?
"but it should be good enough that it would be impractical to break it"
Are you aware of all the different known attacks against ciphers? Differential cryptanalysis, linear cryptanalysis, related key attacks, timing attacks, power attacks, differential fault analysis, etc., and these are examples for only symmetric block ciphers. If you are not aware of all these, how they work, or how to guard against them then how can you intelligently say that your algorithm is impractical to break?
"I'm using chaos encryption, so hopefully it will be ok"
You're implementing the existing Chaos algorithm or using the mathematical theory to develop your own? Either way, I did some reading on both and although there were no definite results, the general consensus was that it is not suited for crypto.
If you're looking for an algorithm to implement, a good list to choose from are the algorithms supported by PGP since only provenly strong and secure algorithms are included.
a. AES (Rijndael)
b. CAST
c. DSS
d. Diffie-Hellman (ElGamal)
e. IDEA
f. MD5
g. RSA
h. SHA-1
i. TripleDES
j. Twofish
http://groups.google.com/groups?group=sci.crypt
crypto
10-25-2003, 03:28 AM
Jeff,
I have an algorithm but no program to encrypt data with it yet. Is there anywhere that I can have it tested, or anyone that can test it to see how secure it really is?
Jeff Mott
10-25-2003, 09:32 AM
You could try posting it to sci.crypt (http://groups.google.com/groups?group=sci.crypt), but you would probably have to offer some kind of cash reward for anyone to even bother with it. They get people just wanting to test their algorithms every day. Read their FAQ on Netiquette (ftp://rtfm.mit.edu/pub/usenet-by-hierarchy/sci/crypt/Cryptography_FAQ_(02_10:_Net_Etiquette)).
James L.
10-25-2003, 12:07 PM
O.k., probably a stupid question, but you aren't developing this with client sided javascript are you?
...that to me would seem like a very silly idea.
Khalid Ali
10-25-2003, 12:13 PM
Internet was begun to be an open source medium, I hope it stays the same. As long as html is not compiled language, it will be pretty simple to see the src code (heck even compiled apps are hackable).
To me, all this is a fruitless effort, trying to hide open source content is against the very idea of the internet. Just drop it guys.. :D
crypto
10-25-2003, 03:04 PM
No I haven't and won't be using java for any part of it. And as for giving a cash reward I have no money to reward anyone with. Lol. Just like most people I know.
CardboardHammer
11-24-2003, 07:50 AM
Currently, there's no way to "secure" the source of a page without also "securing" the rendered version as well. Trustworthy Computing may allow for it, but it remains to be seen if MS can make software that isn't already broken, much less effectively uncrackable... In the meantime, most people claiming the contrary are looking to sell you something to (allegedly) do the job. They're all fraudulent or just plain ignorant. For now, the only code you can hide is on the server side. Period.
Gollum
11-24-2003, 07:57 AM
"then i think internetbanking is a risk!!!"
Not really, as internet banking security relies on server side stuff which is secure.
One point that is often missed in all these discussions is that no matter what fool-proof plan one uses to make the javascript code unreadable, it still must at some point be decrypted/whatever and laid bare inside the browser before it can be run. At this point, anyone with IE and InterDev can simply break into the browser and inspect all the code and variables, etc.
so... Game over man, game over!!!