improve encryption

web/SimpleWebPage.py

@@ -159,10 +159,9 @@ def generate_password_page(path, password_file, password):
 
 
     def scramble(p,t):
-        p = (p * (int(len(t)/len(p))+1))[:len(t)]
+        p += t
-        t = (t * (int(len(p)/len(t))+1))[:len(p)]
         s = ''
-        for i in range(len(p)):
+        for i in range(len(t)):
             s += chr(ord(p[i]) + ord(t[i]))
         return s
 
@@ -171,24 +170,31 @@ def generate_password_page(path, password_file, password):
         return base64.b64encode(s.encode('latin1')).decode('ascii')
 
 
-    def random_string(stringLength=8):
+    def random_string(stringLength=16):
         letters = string.ascii_lowercase + string.digits
         return ''.join(random.choice(letters) for i in range(stringLength))
 
 
     def get_target(filename):
-        return "{0}.{2}{1}".format(
+        splitted = os.path.splitext(filename)
-            *os.path.splitext(filename) + (random_string(),)
+        return ( 
+          splitted[0],
+          random_string(),
+          splitted[1]
         )
 
-    target_file = get_target(password_file)
+    target_base, target_middle, target_ext = get_target(password_file)
     secret = "{}:{}".format(
         ha(password),
-        enc(scramble(password, target_file))
+        enc(scramble(password, target_middle))
     )
     with open(os.path.join(path, password_file), 'wt') as f:
-        f.write(get_password_page(secret))
+        f.write(get_password_page(secret, target_base, target_ext))
-    return target_file
+    return "{}.{}{}".format(
+        target_base,
+        target_middle,
+        target_ext
+    )
 
 
 def get_filelink(path,fname,images=False):
@@ -238,7 +244,7 @@ def get_pathlink(path,dname):
     )
 
 
-def get_password_page(secret):
+def get_password_page(secret, target_base, target_ext):
     return """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
 <html>
 <head>
@@ -258,8 +264,7 @@ Object.defineProperty(String.prototype, 'hashCode', {
   }
 });
 function scramble(p,t) {
-    p = p.padEnd(t.length, p);
+    p += t; 
-    t = t.padEnd(p.length,' ');
     var sstr = '';
     for (var i=0; i < t.length; i++) {
       sstr += String.fromCharCode(p.charCodeAt(i) + t.charCodeAt(i));
@@ -267,11 +272,12 @@ function scramble(p,t) {
     return sstr;
 }
 function unscramble(p,t) {
-    p = p.padEnd(t.length, p);
-    t = t.padEnd(p.length, ' ');
     var sstr = '';
+    var schr = '';
     for (var i=0; i < t.length; i++) {
-      sstr += String.fromCharCode(t.charCodeAt(i) - p.charCodeAt(i));
+      schr = String.fromCharCode(t.charCodeAt(i) - p.charCodeAt(i));
+      sstr += schr;
+      p += schr;
     }
     return sstr;
 }
@@ -285,7 +291,7 @@ function pw(element) {
     if (element.value) {
         pw = pw.split(':',2);
         if (element.value.hashCode() == parseInt(pw[0])) {
-            this.location.href = unscramble(element.value, atob(pw[1]));
+            this.location.href = "TARGET_BASE." + unscramble(element.value, atob(pw[1])) + "TARGET_EXT";
         } else {
             document.getElementById("message").innerHTML = "No match";
             setTimeout(clear_message, 5000);
@@ -326,7 +332,19 @@ function newPass(password, target) {
 <noscript><br>Javascript is required to access this area. Yours seems to be disabled.</noscript>
 </div>
 </body>
-</html>""".replace("SECRET",secret)
+</html>""".replace(
+    "TARGET_EXT", 
+    target_ext,
+    1
+).replace(
+    "TARGET_BASE", 
+    target_base,
+    1
+).replace(
+    "SECRET",
+    secret,
+    1
+)
 
 def get_header(opts):
     header='''<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">