Yep...I've played around with it a bit...of the encryption software out there, it's probably the best. It has some good options and is more flexible than most.

How does it encrypt the data?

How does it encrypt the data?

It shuffles it. It creates two strings - one of characters at odd positions, the other those at even positions. It then concatenates them.

So, "The cat" -> "T e c t" + " h a " -> "Tectha"

It also does some replacements of things which it can't put in the "encrypted" string, so ' becomes ` and \\ becomes @@. It also tries to hide carriage returns.

I think it would take me all of five minutes to break, if I could be bothered. A Perl script to "decode" a webpage would probably be all of ten lines I think.

Are people actually paying real money for this?

Are people actually paying real money for this?

Yes, about $60 for the full version.

It looks just like the Microsoft Script "encoder".
And probably just as effective.

However, it doesn't work qith my IIS Emulator and I need something to work with the emulator.

Any encryption of this sort has to be based on fairly simple "symmetric" rules and those rules essentially necessitate that the encryption can be broken very easily.

The fundamental principle is that a browser, any browser anywhere, must be able to read the page. If that's possible, it means that a diligent user must have that ability also.

You may find this interesting
Snake Oil Warning Signs: Encryption Software to Avoid [interhack.net]

Looking at their FAQ I notice two things:

1. will work in any javascript enabled browser.

Ergo - download the the javascript file that is doing the decrpytion and you should be good to go. I can't believe that would be that hard.

2. They have the following question in the FAQ

You said HTML Guardian will dramatically increase visits to my site, but there is no difference at all.
We said that it could do so, not that it will! By encrypting your site, HTML Guardian will protect it from being blocked by web content filters.

Conclusion -it's chief utility is letting "objectionable" sites get through to children.

Maybe that's incorrect and it's tougher and meaner than I think, but
1. I wouldn't use it to protect anything that really mattered
2. I would only protect something that really did matter.

Tom

I would expect an encrypted page to scare the spiders away?

jb

Encrypted pages would definitely scare spiders away - spiders don't tend to execute Javascript, so it would be good as putting all your text in one big image.

ergophobe: when they say "will work in any javascript enabled browser", what they really mean is "the decryption stuff will work in Javascript browsers, but you won't be able to view the page still because we encoded a broken browser sniffer that will stop you accessing it" ;)

Seriously, check out their demo using Mozilla. Turn off Javascript, you don't get any content. Turn it on, and you get a cute message box telling you to upgrade. And still no content.

You would have to seriously not want people to use your webpages to "protect" them with this (although I assume the browser checker is some paid-for extra ;)

The protection is not whether someone can view source or steal a javascript.

Protection is needed to distribute ASP applications to remote servers and even desktop browser-based applications. The HTML is not important, the business logic coded in the ASP code is.

Seriously, check out their demo using Mozilla. Turn off Javascript, you don't get any content. Turn it on, and you get a cute message box telling you to upgrade. And still no content.

Try it in Firebird and you get a not so cute infinite loop.

txbakers - I have been looking, but I can't find any of the sites that I was looking at the other day. They had open-source encryption for PHP and HTML and were pretty honest about what they could and could not do.

All the ones that I saw use some sort of symmetric encryption, which means someone just has to run through a variety of well-known encryption routines and they have your source. Granted, this is not going to be the average person who can do this.

To make it harder, they throw in additional little tricks - concatenation of transformations so you have to get the order right. That makes it harder still.

It's definitely a deterent, and if you just use it server-side, it seems like it would not be nearly so annoying as that stupid demo page that HTML Guardian has.

Tom