Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
95 views
in Technique[技术] by (71.8m points)

javascript - Encryption at browser level

I call an external javascript file. Please find below my code in JSR223 Sampler:

load('EncryptionLogic.js');

var result1 = encrypt("1087679107122020","password");
var result2 = encrypt("433702216042014","password1");
log.info("encrypted value is "+result1);
log.info("encrypted value is "+result2);
var result3 = encrypt("CONOPSFD1","password2");
log.info("encrypted value is "+result3);

Also, find below the response received:

2021-01-25 12:52:00,952 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc6
2021-01-25 12:52:00,953 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc613cf465e02355807d28e3ae65913d800fea99f
2021-01-25 12:52:00,955 INFO o.a.j.p.j.s.J.JSR223 Sampler: encrypted value is a9a54ac54e040f68e7713f93c14b65f10099fdc613cf465e02355807d28e3ae65913d800fea99f6a7aede54d846f7bf805d7423b

Basically the values are getting concatenated. i.e. result2 has result1 string as well. result3 has result1 and result2. Looks like something needs to be cleared somewhere.

Below is the javascript file content

//Encrypt is done using the following Javascript function, the key is 'password'. It is passed as pwd variable in the below function (2nd argument below):
 var enc_str = "";
function encrypt(str, pwd) {
    
  if(pwd == null || pwd.length <= 0) {
    //alert("Please enter a password with which to encrypt the message.");
    return null;
  }
  var prand = "";
  for(var i=0; i<pwd.length; i++) {

    prand += pwd.charCodeAt(i).toString();
    //alert(prand);
  }
  var sPos = Math.floor(prand.length / 5);
  //var mult = parseInt(prand.charAt(sPos) + prand.charAt(sPos*2) + prand.charAt(sPos*3) + prand.charAt(sPos*4) + prand.charAt(sPos*5));
  var mult = parseInt( prand.charAt(sPos*2) + prand.charAt(sPos*3));

  var incr = Math.ceil(pwd.length / 2);
  var modu = Math.pow(2, 31) - 1;
  if(mult < 2) {
     //alert("Algorithm cannot find a suitable hash. Please choose a different password. 
Possible considerations are to choose a more complex or longer password.");
                showNewErrDiv('1',getConvertedErrorString('Algorithm cannot find a suitable hash. Please choose a different password.')+ '
'+ getConvertedErrorString('Possible considerations are to choose a more complex or longer password.'),'','1','');
    return null;
  }
  var salt = Math.round(Math.random() * 1000000000) % 100000000;
  //var salt = Math.round(Math.random() * 100000) % 10000;
  prand += salt;
  while(prand.length > 15) {
    prand = (parseInt(prand.substring(0, 15)) + parseInt(prand.substring(15, prand.length))).toString();
  }
  prand = (mult * prand + incr) % modu;
  var enc_chr = "";
 
  for(var i=0; i<str.length; i++) {
    enc_chr = parseInt(str.charCodeAt(i) ^ Math.floor((prand / modu) * 255));
    if(enc_chr < 16) {
      enc_str += "0" + enc_chr.toString(16);
    } else enc_str += enc_chr.toString(16);
    prand = (mult * prand + incr) % modu;
  }
  salt = salt.toString(16);
  while(salt.length < 8)salt = "0" + salt;
  enc_str += salt;
  return enc_str;
}
question from:https://stackoverflow.com/questions/65880891/encryption-at-browser-level

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

Move your var enc_str = ""; inside the encrypt() function like:

function encrypt(str, pwd) {
var enc_str = "";   
//your other code

Currently it's global therefore on subsequent calls the new values are being concatenated and if you need to clear the old value - it needs to be done inside the function

Also be aware that according to JMeter Best Practices you should be using Groovy language for scripting so it worth considering migrating to Groovy for the optimal performance. More information: Apache Groovy - Why and How You Should Use It


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

1.4m articles

1.4m replys

5 comments

57.0k users

...