
Encryption on Post Or get

Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: Classic ASP Discussion
Forum Description: Discussion on Active Server Pages (Classic ASP).
URL: https://forums.webwiz.net/forum_posts.asp?TID=10773
Printed Date: 30 March 2026 at 10:00pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com


Topic: Encryption on Post Or get
Posted By: meteor
Subject: Encryption on Post Or get
Date Posted: 07 June 2004 at 11:05am

Hello,
How can I secure my scripts that use a login system? If a sniffer is on the network then he can see my passwords, so how can I encrypt or encode the data transfer? Is there any function or algorithm to do this? For example, I want to encode the password on the client, send it to the server and then decrypt it.



-------------
Sincerely
--------------------
http://www.TacPlusPlus.com - PowerFull Scripts For NTTacPlus



Replies:
Posted By: Mart
Date Posted: 07 June 2004 at 11:08am
Use SSL...


Posted By: meteor
Date Posted: 07 June 2004 at 1:30pm

No, anything except that. When a user clicks the submit button, I want the script to encode/encrypt his/her password and then send it to the server.
What are the client-side and server-side scripts for this (client using JavaScript and server using ASP)? I think this is more secure.



-------------
Sincerely
--------------------
http://www.TacPlusPlus.com - PowerFull Scripts For NTTacPlus


Posted By: Mart
Date Posted: 07 June 2004 at 1:54pm
No, that is definitely not more secure, since anybody can read and crack your encryption on the client side. SSL is the only way really. And neither JavaScript nor client-side VBScript is powerful enough to safely encrypt data.


Posted By: pmormr
Date Posted: 07 June 2004 at 3:29pm

Now I'm not going to call this the safest security in the world, but you could always use a JavaScript one-way encryption function, send the hashed password over the internet and then compare it on the server... That isn't the most secure way but it would be better than nothing... What's better?

mypassword

or

LK4LK7J2LK4J74LK7J247JHG4O2I6G&25745852



-------------
Paul A Morgan

http://www.pmorganphoto.com/


Posted By: pmormr
Date Posted: 07 June 2004 at 3:31pm

The Windows authentication system is pretty cool... Kerberos... Send the validation packet RC4-encrypted with the user's password, and then the client sends the unencrypted packet back with another encrypted packet inside of it for the server to know that it really is the user's computer.



-------------
Paul A Morgan

http://www.pmorganphoto.com/


Posted By: Mart
Date Posted: 08 June 2004 at 3:22pm

I would not recommend any client-side encryption. If this is for a login app you could use DIGEST authentication, which is a bit like BASIC authentication but an MD5 digest is sent instead of plain text.

The trouble with client side encryption is:

1) You will never get it as strong as SSL because you won't be able to handle keys etc.

2) Anybody can view your code and identify weaknesses via View Source
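
The difference between pmormr's send-the-hash idea and the Digest-style challenge-response Mart mentions, as an added example that is not part of the original thread: a simplified nonce exchange (not full HTTP Digest, which also hashes the username, realm, method and URI), using Node.js's built-in `crypto` module. The account, password and function names are constructed for illustration.

```javascript
// Added example (not from the thread). All names and values are constructed.
const crypto = require("crypto");

const md5 = (s) => crypto.createHash("md5").update(s, "utf8").digest("hex");

// Constructed account store. In both schemes the stored value works as a
// password equivalent if the store leaks.
const USERS = { alice: { pwHash: md5("correct horse") } };

// Scheme A: the browser sends MD5(password); the server compares it with
// the stored hash. The value on the wire never changes between logins.
function loginStaticHash(user, sentHash) {
  const rec = USERS[user];
  return Boolean(rec) && sentHash === rec.pwHash;
}

// Scheme B: the server issues a one-time nonce and the client returns
// MD5(nonce:MD5(password)), so the value on the wire differs every login.
const pendingNonces = new Set();

function issueNonce() {
  const nonce = crypto.randomBytes(16).toString("hex");
  pendingNonces.add(nonce);
  return nonce;
}

function clientResponse(nonce, password) {
  return md5(nonce + ":" + md5(password));
}

function loginChallenge(user, nonce, response) {
  // A nonce is accepted once; delete() returns false if unknown or reused.
  if (!pendingNonces.delete(nonce)) return false;
  const rec = USERS[user];
  if (!rec) return false;
  const expected = Buffer.from(md5(nonce + ":" + rec.pwHash), "hex");
  const got = Buffer.from(String(response), "hex");
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

function demo() {
  // The values a passive sniffer on plain HTTP would record for each scheme.
  const capturedHash = md5("correct horse");
  const n1 = issueNonce();
  const capturedResponse = clientResponse(n1, "correct horse");
  const firstLogin = loginChallenge("alice", n1, capturedResponse);

  const n2 = issueNonce();
  return {
    staticReplayAccepted: loginStaticHash("alice", capturedHash),
    firstLogin,
    sameNonceReplayAccepted: loginChallenge("alice", n1, capturedResponse),
    freshNonceReplayAccepted: loginChallenge("alice", n2, capturedResponse),
  };
}
```

Neither scheme stops someone who can alter the login page's script in transit, and neither keeps the rest of the session confidential, which is why the thread keeps coming back to SSL.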



Posted By: pmormr
Date Posted: 08 June 2004 at 4:49pm
The best way to do it is to just use SSL... that would probably require the least work.

-------------
Paul A Morgan

http://www.pmorganphoto.com/


Posted By: dpyers
Date Posted: 08 June 2004 at 7:27pm

Any site with any sort of security requirement at all uses SSL. You can get a FreeSSL cert for $25-$30/year US. Or you could use shared SSL if your host supports it.

Shared SSL is probably adequate for most login scripts. The user has to OK a window that says the certificate ownership is not verified, but the encryption side of it works.

Couple of useful links:
http://www.sslreview.com/ssl-certificate-content/ssl-compare-table/index.html
http://www.whichssl.com/index.html



-------------

Lead me not into temptation... I know the short cut, follow me.


Posted By: Bluefrog
Date Posted: 09 June 2004 at 11:47am

You can do things client side, but you'll need an ActiveX control to do it, and then you have the exact same problem as with normal JavaScript, but at a bit more technical level. You'd need to have the ActiveX control encrypted itself, etc.

Encryption and compression are 2 of the most expensive core technologies in the world, and there's a reason for it. They are both close to rocket science.

Stick with SSL.

 



-------------
http://renegademinds.com/ - Renegade Minds - Guitar Software | http://renegademinds.com/Default.aspx?tabid=65 - Slow Down Music


Posted By: meteor
Date Posted: 11 June 2004 at 6:50am


So...
Give me MD5 functions in VBScript and JScript:
JScript for the client side (to make a one-way hash)
and VBScript for the server side (any idea is acceptable).
Yahoo uses MD5 to hash passwords and other things. Or vBulletin 3.0.0 uses a calcmd5 function (is it an internal function of Java? I didn't find any other script to calculate MD5, so it seems to be an internal function).
There is no way to use SSL; I should use this level of security. It is better than nothing, isn't it?



-------------
Sincerely
--------------------
http://www.TacPlusPlus.com - PowerFull Scripts For NTTacPlus


Posted By: Mart
Date Posted: 11 June 2004 at 11:15am
AFAIK there is not an MD5 hashing function for JS or VBS


Posted By: meteor
Date Posted: 11 June 2004 at 11:39am

Here is an MD5 JS:
[CODE]
<script language="javascript">
/*
 * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message
 * Digest Algorithm, as defined in RFC 1321.
 * Copyright (C) Paul Johnston 1999 - 2000.
 * Updated by Greg Holt 2000 - 2001.
 * See http://pajhome.org.uk/site/legal.html for details.
 */

/*
 * Convert a 32-bit number to a hex string with ls-byte first
 */
var hex_chr = "0123456789abcdef";
function rhex(num)
{
  str = "";
  for(j = 0; j <= 3; j++)
    str += hex_chr.charAt((num >> (j * 8 + 4)) & 0x0F) +
           hex_chr.charAt((num >> (j * 8)) & 0x0F);
  return str;
}

/*
 * Convert a string to a sequence of 16-word blocks, stored as an array.
 * Append padding bits and the length, as described in the MD5 standard.
 */
function str2blks_MD5(str)
{
  nblk = ((str.length + 8) >> 6) + 1;
  blks = new Array(nblk * 16);
  for(i = 0; i < nblk * 16; i++) blks[i] = 0;
  for(i = 0; i < str.length; i++)
    blks[i >> 2] |= str.charCodeAt(i) << ((i % 4) * 8);
  blks[i >> 2] |= 0x80 << ((i % 4) * 8);
  blks[nblk * 16 - 2] = str.length * 8;
  return blks;
}

/*
 * Add integers, wrapping at 2^32. This uses 16-bit operations internally
 * to work around bugs in some JS interpreters.
 */
function add(x, y)
{
  var lsw = (x & 0xFFFF) + (y & 0xFFFF);
  var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
  return (msw << 16) | (lsw & 0xFFFF);
}

/*
 * Bitwise rotate a 32-bit number to the left
 */
function rol(num, cnt)
{
  return (num << cnt) | (num >>> (32 - cnt));
}

/*
 * These functions implement the basic operation for each round of the
 * algorithm.
 */
function cmn(q, a, b, x, s, t)
{
  return add(rol(add(add(a, q), add(x, t)), s), b);
}
function ff(a, b, c, d, x, s, t)
{
  return cmn((b & c) | ((~b) & d), a, b, x, s, t);
}
function gg(a, b, c, d, x, s, t)
{
  return cmn((b & d) | (c & (~d)), a, b, x, s, t);
}
function hh(a, b, c, d, x, s, t)
{
  return cmn(b ^ c ^ d, a, b, x, s, t);
}
function ii(a, b, c, d, x, s, t)
{
  return cmn(c ^ (b | (~d)), a, b, x, s, t);
}

/*
 * Take a string and return the hex representation of its MD5.
 */
function MD5(str)
{
  x = str2blks_MD5(str);
  var a =  1732584193;
  var b = -271733879;
  var c = -1732584194;
  var d =  271733878;
 
  for(i = 0; i < x.length; i += 16)
  {
    var olda = a;
    var oldb = b;
    var oldc = c;
    var oldd = d;

    a = ff(a, b, c, d, x[i+ 0], 7 , -680876936);
    d = ff(d, a, b, c, x[i+ 1], 12, -389564586);
    c = ff(c, d, a, b, x[i+ 2], 17,  606105819);
    b = ff(b, c, d, a, x[i+ 3], 22, -1044525330);
    a = ff(a, b, c, d, x[i+ 4], 7 , -176418897);
    d = ff(d, a, b, c, x[i+ 5], 12,  1200080426);
    c = ff(c, d, a, b, x[i+ 6], 17, -1473231341);
    b = ff(b, c, d, a, x[i+ 7], 22, -45705983);
    a = ff(a, b, c, d, x[i+ 8], 7 ,  1770035416);
    d = ff(d, a, b, c, x[i+ 9], 12, -1958414417);
    c = ff(c, d, a, b, x[i+10], 17, -42063);
    b = ff(b, c, d, a, x[i+11], 22, -1990404162);
    a = ff(a, b, c, d, x[i+12], 7 ,  1804603682);
    d = ff(d, a, b, c, x[i+13], 12, -40341101);
    c = ff(c, d, a, b, x[i+14], 17, -1502002290);
    b = ff(b, c, d, a, x[i+15], 22,  1236535329);   

    a = gg(a, b, c, d, x[i+ 1], 5 , -165796510);
    d = gg(d, a, b, c, x[i+ 6], 9 , -1069501632);
    c = gg(c, d, a, b, x[i+11], 14,  643717713);
    b = gg(b, c, d, a, x[i+ 0], 20, -373897302);
    a = gg(a, b, c, d, x[i+ 5], 5 , -701558691);
    d = gg(d, a, b, c, x[i+10], 9 ,  38016083);
    c = gg(c, d, a, b, x[i+15], 14, -660478335);
    b = gg(b, c, d, a, x[i+ 4], 20, -405537848);
    a = gg(a, b, c, d, x[i+ 9], 5 ,  568446438);
    d = gg(d, a, b, c, x[i+14], 9 , -1019803690);
    c = gg(c, d, a, b, x[i+ 3], 14, -187363961);
    b = gg(b, c, d, a, x[i+ 8], 20,  1163531501);
    a = gg(a, b, c, d, x[i+13], 5 , -1444681467);
    d = gg(d, a, b, c, x[i+ 2], 9 , -51403784);
    c = gg(c, d, a, b, x[i+ 7], 14,  1735328473);
    b = gg(b, c, d, a, x[i+12], 20, -1926607734);
   
    a = hh(a, b, c, d, x[i+ 5], 4 , -378558);
    d = hh(d, a, b, c, x[i+ 8], 11, -2022574463);
    c = hh(c, d, a, b, x[i+11], 16,  1839030562);
    b = hh(b, c, d, a, x[i+14], 23, -35309556);
    a = hh(a, b, c, d, x[i+ 1], 4 , -1530992060);
    d = hh(d, a, b, c, x[i+ 4], 11,  1272893353);
    c = hh(c, d, a, b, x[i+ 7], 16, -155497632);
    b = hh(b, c, d, a, x[i+10], 23, -1094730640);
    a = hh(a, b, c, d, x[i+13], 4 ,  681279174);
    d = hh(d, a, b, c, x[i+ 0], 11, -358537222);
    c = hh(c, d, a, b, x[i+ 3], 16, -722521979);
    b = hh(b, c, d, a, x[i+ 6], 23,  76029189);
    a = hh(a, b, c, d, x[i+ 9], 4 , -640364487);
    d = hh(d, a, b, c, x[i+12], 11, -421815835);
    c = hh(c, d, a, b, x[i+15], 16,  530742520);
    b = hh(b, c, d, a, x[i+ 2], 23, -995338651);

    a = ii(a, b, c, d, x[i+ 0], 6 , -198630844);
    d = ii(d, a, b, c, x[i+ 7], 10,  1126891415);
    c = ii(c, d, a, b, x[i+14], 15, -1416354905);
    b = ii(b, c, d, a, x[i+ 5], 21, -57434055);
    a = ii(a, b, c, d, x[i+12], 6 ,  1700485571);
    d = ii(d, a, b, c, x[i+ 3], 10, -1894986606);
    c = ii(c, d, a, b, x[i+10], 15, -1051523);
    b = ii(b, c, d, a, x[i+ 1], 21, -2054922799);
    a = ii(a, b, c, d, x[i+ 8], 6 ,  1873313359);
    d = ii(d, a, b, c, x[i+15], 10, -30611744);
    c = ii(c, d, a, b, x[i+ 6], 15, -1560198380);
    b = ii(b, c, d, a, x[i+13], 21,  1309151649);
    a = ii(a, b, c, d, x[i+ 4], 6 , -145523070);
    d = ii(d, a, b, c, x[i+11], 10, -1120210379);
    c = ii(c, d, a, b, x[i+ 2], 15,  718787259);
    b = ii(b, c, d, a, x[i+ 9], 21, -343485551);

    a = add(a, olda);
    b = add(b, oldb);
    c = add(c, oldc);
    d = add(d, oldd);
  }
  return rhex(a) + rhex(b) + rhex(c) + rhex(d);
}

function valid_js() {
   // anything that

-------------
Sincerely
--------------------
http://www.TacPlusPlus.com - PowerFull Scripts For NTTacPlus



Posted By: meteor
Date Posted: 11 June 2004 at 11:42am

Or someone convert this algo into JS

[code]
<%
Function getSalt(intLen)
' Function takes a given length x and generates a random hex value of x digits.
' Salt can be used to help protect passwords.  When a password is first stored in a
' database generate a salt value also.  Concatenate the salt value with the password,
' and then encrypt it using the HashEncode function below.  Store both the salt value,
' and the encrypted value in the database.  When a password needs to be verified, take
' the password concatenate the salt from the database.  Encode it using the HashEncode
' function below.  If the result matches the encrypted password stored in the
' database, then it is a match.  If not then the password is invalid.
'
'
' Note: Passwords become case sensitive when using this encryption.
' For more information on Password HASH Encoding, and SALT visit: http://local.15seconds.com/issue/000217.htm
'
' Call this function if you wish to generate a random hex value of any given length
'
' Written By: Mark G. Jager
' Written Date: 8/10/2000
'
' Free to distribute as long as code is not modified, and header is kept intact

 Dim strSalt
 Dim intIndex, intRand

 If Not IsNumeric(intLen) Then
  getSalt = "00000000"
  exit function
 ElseIf CInt(intLen) <> CDbl(intLen) Or CInt(intLen) < 1 Then
  getSalt = "00000000"
  exit function
 End If

 Randomize

 For intIndex = 1 to CInt(intLen)
  intRand = CInt(Rnd * 1000) Mod 16
  strSalt = strSalt & getDecHex(intRand)
 Next
 
 getSalt = strSalt

End Function


Function HashEncode(strSecret)
' Function takes an ASCII string less than 2^61 characters long and
' one way hash encrypts it using 160 bit encryption into a 40 digit hex value.
' The encoded hex value cannot be decoded to the original string value.
'
' This is the only function that you need to call for encryption.
'
' Written By: Mark G. Jager
' Written Date: 8/10/2000
'
' Free to distribute as long as code is not modified, and header is kept intact
'
' The author makes no warranties as to the validity, and/or authenticity of this code.
' You may use any code found herein at your own risk.
' This code was written to follow as closely as possible the standards found in
' Federal Information Processing Standards Publication (FIPS PUB 180-1)
' http://csrc.nist.gov/fips/fip180-1.txt -- Secure Hash Standard SHA-1
'
' This code is for private use only, and the security and/or encryption of the resulting
' hexadecimal value is not warranted or guaranteed in any way.
'
    Dim strEncode, strH(4)
    Dim intPos
   
   
    If len(strSecret) = 0 or len(strSecret) >= 2^61 then
  HashEncode = "0000000000000000000000000000000000000000"
  exit function
    end if
   
   
    'Initial Hex words are used for encoding Digest. 
    'These can be any valid 8-digit hex value (0 to F)
    strH(0) = "FB0C14C2"
    strH(1) = "9F00AB2E"
    strH(2) = "991FFA67"
    strH(3) = "76FA2C3F"
    strH(4) = "ADE426FA"
   
    For intPos = 1 to len(strSecret) step 56
  
  strEncode = Mid(strSecret, intPos, 56) 'get 56 character chunks
  strEncode = WordToBinary(strEncode) 'convert to binary
  strEncode = PadBinary(strEncode) 'make it 512 bits
  strEncode = BlockToHex(strEncode) 'convert to hex value
  
  'Encode the hex value using the previous runs digest
  'If it is the first run then use the initial values above
  strEncode = DigestHex(strEncode, strH(0), strH(1), strH(2), strH(3), strH(4))

  'Combine the old digest with the new digest
  strH(0) = HexAdd(left(strEncode, 8), strH(0))
  strH(1) = HexAdd(mid(strEncode, 9, 8), strH(1))
  strH(2) = HexAdd(mid(strEncode, 17, 8), strH(2))
  strH(3) = HexAdd(mid(strEncode, 25, 8), strH(3))
  strH(4) = HexAdd(right(strEncode, 8), strH(4))
  
    Next
   
    'This is the final Hex Digest
    HashEncode = strH(0) & strH(1) & strH(2) & strH(3) & strH(4)
   
End Function

 

Function HexToBinary(btHex)

' Function Converts a single hex value into it's binary equivalent
'
' Written By: Mark Jager
' Written Date: 8/10/2000
'
' Free to distribute as long as code is not modified, and header is kept intact
'

    Select Case btHex
    Case "0"
        HexToBinary = "0000"
    Case "1"
        HexToBinary = "0001"
    Case "2"
        HexToBinary = "0010"
    Case "3"
        HexToBinary = "0011"
    Case "4"
        HexToBinary = "0100"
    Case "5"
        HexToBinary = "0101"
    Case "6"
        HexToBinary = "0110"
    Case "7"
        HexToBinary = "0111"
    Case "8"
        HexToBinary = "1000"
    Case "9"
        HexToBinary = "1001"
    Case "A"
        HexToBinary = "1010"
    Case "B"
        HexToBinary = "1011"
    Case "C"
        HexToBinary = "1100"
    Case "D"
        HexToBinary = "1101"
    Case "E"
        HexToBinary = "1110"
    Case "F"
        HexToBinary = "1111"
    Case Else
        HexToBinary = "2222"
    End Select
End Function

Function BinaryToHex(strBinary)

' Function Converts a 4 bit binary value into it's hex equivalent
'
' Written By: Mark Jager
' Written Date: 8/10/2000
'
' Free to distribute as long as code is not modified, and header is kept intact
'
    Select Case strBinary
    Case "0000"
        BinaryToHex = "0"
    Case "0001"
        BinaryToHex = "1"
    Case "0010"
        BinaryToHex = "2"
    Case "0011"
        BinaryToHex = "3"
    Case "0100"
        BinaryToHex = "4"
    Case "0101"
        BinaryToHex = "5"
 &

-------------
Sincerely
--------------------
http://www.TacPlusPlus.com - PowerFull Scripts For NTTacPlus



Posted By: dpyers
Date Posted: 11 June 2004 at 12:07pm
http://pajhome.org.uk/crypt/md5/

-------------

Lead me not into temptation... I know the short cut, follow me.


Posted By: meteor
Date Posted: 12 June 2004 at 4:09am

Thanks dpyers for your good link. I use my last post (VBS) for both the client and server sides and it now works fine. Thanks to all who answered my question.



-------------
Sincerely
--------------------
http://www.TacPlusPlus.com - PowerFull Scripts For NTTacPlus


Posted By: Bluefrog
Date Posted: 19 June 2004 at 1:37pm

To be perfectly honest, even SSL isn't going to protect people from themselves. Their passwords will still be stolen - keyloggers. I'm going to open up a new anti-keylogger in the near future, but it only works on IE. For complete protection, you need serious solutions. SSL is only a partial solution. Encryption can't protect against keyloggers - which are the most effective way to get passwords, credit card numbers, etc.

I'll post back when the anti-keylogger is available.

 



-------------
http://renegademinds.com/ - Renegade Minds - Guitar Software | http://renegademinds.com/Default.aspx?tabid=65 - Slow Down Music


Posted By: Mart
Date Posted: 19 June 2004 at 1:47pm

How will it prevent key logging whilst letting people work normally with their PCs?



Posted By: pmormr
Date Posted: 19 June 2004 at 6:18pm
You really can't stop a keylogger... The only way would be to shut down the program (the most practical), except that there are hundreds of keyloggers available, each with different process names. The other solution would be to create a complicated hardware encryption device that would be attached to the keyboard and encrypt the keys going in and out of the computer... That would be highly ineffective because I doubt the MS designers would want to build a keyboard decryption protocol into their kernel.

-------------
Paul A Morgan

http://www.pmorganphoto.com/


