6

I am trying to use finger printing on my client side and got hold of this code as part of a bigger code.

function checksum(str) {
    var hash = 5382,
        i = str.length;

    while (i--) hash = (hash * 33) ^ str.charCodeAt(i);

    return hash >>> 0;
}

As you can see the hash is in plain sight. Can you please show me how or what implementation to use so I can hide or anything that can mask the hash = 5382. Thank you.

Improve this question
8
  • 3
    You can only obfuscate it, not really "hide it" Commented Oct 18, 2017 at 10:52
  • You can use CryptoJS: stackoverflow.com/questions/18279141/… Commented Oct 18, 2017 at 10:53
  • You need an asymmetric algorithm like RSA. Commented Oct 18, 2017 at 10:59
  • 1
    Please don't bother doing it... Commented Oct 19, 2017 at 19:51
  • 1
    Take this calculation to server, after all javascript is a client side language for browsers. Commented Oct 20, 2017 at 10:46

1 Answer 1

Reset to default
0

If you encode it with base64, but anyone can decode it easily. How sensitive is your hash?

str = "The quick brown fox jumps over the lazy dog";
b64 = btoa(unescape(encodeURIComponent(str)));
str = decodeURIComponent(escape(window.atob(b64)));

The output will be VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZw==

If you are using PHP you would just base64_encode() and base64_decode() to handle. You can make for example a input hidden with encoded value and then just get it's val and use the last line i gave you.

Base64 PHP http://php.net/manual/en/function.base64-encode.php and base64 JAVASCRIPT https://developer.mozilla.org/pt-BR/docs/Web/API/WindowBase64/atob . Or you could encrypt it's contents then uncrypt it server side. Heres a little class to encrypt/decrypt data (PHP):

<?php
namespace Company\Security;

/*
 *   @description: Simple class to wrap crypt function calls
 *   @author: Marco A. Simao
 */

class Crypto {

/*
 * returns encrypted data with iv appended at the begining of the string 
 */
public static function encrypt($data, $key)
{
    $iv = openssl_random_pseudo_bytes(16);

    $c = openssl_encrypt($data, 'AES-128-CBC', $key, OPENSSL_RAW_DATA, $iv);

    return $iv . $c;
}

/*
 * returns decrypted data. Expects 16 first bytes of data to be iv table.
 */
public static function decrypt($data, $key)
{
    return openssl_decrypt(substr($data, 16), 'AES-128-CBC', $key, OPENSSL_RAW_DATA, substr($data, 0, 16));
}
}

And you would need a decrypt in Javascript like: How to use the Web Crypto API to decrypt a file created with OpenSSL?

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

This seems good. Can you show me a sample implementation of it?
@stackquestions -- Please remember that this is not secure, any client can rewrite the script themselves and see the result. If your goal is to hide the string from cursory inspection from casual eyes, that's fine, but it won't provide any "real" security.
Yes, thanks for pointing out, I forgot to tell him, but I asked how sensitive it was :)
Can you please show me or just point a topic to me so I can study it. Thank you.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.