~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Password and password tools
Plaintext to be encrypted
[Click here to change the number of pbkdf2 iterations]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Encrypted text (or hash) result
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Encrypted text for decryption
Decrypted text result
ABOUT and HELP
1) Local only.
This page is a single html5 file that runs fully locally. No accessing the internet.
No cookies. No other "local storage". No spying on you "justified" by some
company's asinine rationalization of their greater good. Only the links on the top
and bottom of the page try to go to the internet, but you can easily strip them out
when you make your own local .html file from this, which you should do.
2) Best way to run it.
Grab the source of this "page", save it into a local .html file, and it should run
just the same. That's actually the preferred way of running this -- to guard
against "meddling" on your page load. In fact, it's even better to run that local
.html file in some alternate browser that's cut off from the internet by whatever
means you like.
you can verify by looking at it in the page source, which I recommend you do.
The CryptoJS v3.1.2 files are pasted in this html page explicitly. Explicit pasting
is done so there is no accessing anything on the internet with the associated risks.
Anyone can verify that the pasted source codes here match the v3.1.2 files from
the proper sources on the internet. I recommend you do that. If they don't match,
don't use this code, because that means either this or the other is corrupted and it
might be this.
5) Format of the encrypted results.
The encrypted results here have the first N characters as hex (containing the salt
and the initialization vector), with the rest as base64. That's less than fully
desirable. Any encrypted stream generally should be indistinguishable from random
noise. The switch from hex to base64 "says something" about what's going on, but
since we're not trying to hide what that something is, it's okay to leave it like
that for now.
6) Size of the encrypted results.
Sending out the encrypted stream in (mostly) base64 means only 6 bits per renderable
character. So, the base64 part of the encrypted message is going to be 6/8ths as
dense as the original plaintext. That is, 8/6ths the size or 33% bigger (plus a
little for padding). The advantage is that the base64-encoded encrypted stream is
cut/pastable, renderable, and handlable as ordinary text. If the data stream didn't
need to be handlable as text, that part of the stream would be the same length as
the plaintext plus what ever small amount of padding proved necessary. Similarly,
the N hex characters at the beginning are only 4 bits each meaning that if they
didn't need to be handlable as text, then that part of the stream would only be N/2
7) Dealing with the base64 "/".
The "/" used by the base64 libraries has the disadvantage of sometimes being
rendered along with a carriagereturn and linefeed, which can add difficulty to
displaying and handling the resulting encoded text. I've included some functions
and buttons to replace the slash with a substitute character (probably "~") so the
text can be pasted into other programs with less difficulty. I adjusted the
decrypt function to treat both the slash and the substitute character as a slash.
That way, decrypting encrypted text that uses the substitute character will work
seemlessly. I might eventually get rid of the slash completely since any encrypted
text made by this program is only ever intended to be decrypted using this program.
---Actually, I *did* get rid of the slash. The alternate character is now used by
default, and the slash will never show up. If the slash does get in the box for
input for decryption, it is interpreted the same as the substitute character and
will work just the same.
Before the string in the encryption box is decrypted, any slash-substitutes are
first converted to actual slashes (which the decryption function expects),
then all non-base64 characters in the string are purged from it. This enables
breaking the "long string" up into rows and adding prefix and postfix characters
at the beginning and end to help in displaying and handling the encrypted text.
The "Cycle formats" button cycles through the N formats of the encrypted output text.
Currently, the three (or "N") formats are:
1) 64 characters per line (with prefix and postfix),
2) 32 characters per line (with prefix and postfix), and
3) No line breaks and no prefix or postfix.
Any format of the same base64 string will decrypt the same as the other formats.