tuned by Will (a)ndri.st







Chris Veness:

Wheeler & Needham’s Tiny Encryption Algorithm is a simple but powerful encryption algorithm (based on a ‘Feistel cipher’).

This is a JavaScript implementation of the (corrected) ‘Block TEA ’ or ‘large block’ version of the algorithm (also dubbed ‘xxtea’) which operates on variable-sized blocks, as opposed to the 64-bit blocks of the original.

This is a simple but highly effective DES-style encryption algorithm which can be useful for web applications which require security or encryption. It provides very secure cryptographically strong encryption in concise, clear JavaScript code.

The Block TEA version is faster than the original (64-bit block version) when encrypting longer blocks (over 16 chars), and is more secure (‘a single bit change will change about one half of the bits of the entire block, leaving no place where the changes start’). It is also simpler to implement in JavaScript for encrypting arbitrary-length texts (being variable block size, it requires no ‘mode of operation’). For an implementation of the original algorithm, see TEA.html.

TEA uses a 128-bit key, which could (for increased security) be a ‘cryptographic hash’ of the supplied password. Here I simply convert the first 16 characters of the password into longs to generate the key. The password might be a user-supplied password, or an internal system password. A system password will be more secure if it avoids plain-text (e.g. ‘dVr4t%G§Uu+mz7+8’).

Speed: using IE on a 3GHz P4 the script processes around 80kB/sec (around 25 pages of text), though it slows down with longer texts. (Note longsToStr() function was changed March 2005 to improve efficiency).

For an explanation of the operation of the TEA algorithm, and cryptography in general, an excellent book is Information Security Intelligence: Cryptographic Principles & Applications by Tom Calabrese (available from Amazon.com). There is also a good article explaining TEA operation and cryptanalysis by Matthew Russell from York University and a short article in Wikipedia.

Note: if you are interested in cryptanalysis of TEA, bear in mind that there are 4 versions described in 3 documents: the original TEA, then Extentions to TEA (addressing weaknesses in TEA and also describing Block TEA), and Corrections to Block TEA (xxtea).

You are welcome to re-use these scripts [without any warranty express or implied] provided you retain my copyright notice and when possible a link to my website. If you have any queries or find any problems, please contact me. © 2002-2005 Chris Veness

William Andrist's adaptions

a) As the encrypted text of above example returned in unicode and not in ansi some word processors (e.g. pocket notes) didn't store the encryption result entirely correct. From this, decryption was not feasible later. In order to avoid such potential problems, encrypted text is now returned in code Base64 and therefore has to be entered in the same format for decryption as well. After implementing that. 

b) As recommended above, password becomes SHA-1 Hash of itself in order to provide better security. 

c) This version reads text to decrypt from URL as it follows after ....htm?e=....

Java script for SHA-1 was by Eugene Styer, Eastern Kentucky University; conversions in/from code Base64 and HEX by ostermiller.org. Observe their copyrights.  
Adapted  and optimized to run on both PC and Pocket PC. Withouth any warranty express or implied. By  will(a)ndri.st 20060209 updated 20070409.