xxTEA (Tiny Encryption Algorithm)
tuned by Will (a)ndri.st
Wheeler & Needham’s Tiny Encryption Algorithm is a simple but powerful encryption algorithm (based on a ‘Feistel cipher’).
TEA uses a 128-bit key, which could (for increased security) be a ‘cryptographic hash’ of the supplied password. Here I simply convert the first 16 characters of the password into longs to generate the key. The password might be a user-supplied password, or an internal system password. A system password will be more secure if it avoids plain-text (e.g. ‘dVr4t%G§Uu+mz7+8’).
Speed: using IE on a 3GHz P4 the script processes around 80kB/sec (around 25 pages of text), though it slows down with longer texts. (Note longsToStr() function was changed March 2005 to improve efficiency).
For an explanation of the operation of the TEA algorithm, and cryptography in general, an excellent book is Information Security Intelligence: Cryptographic Principles & Applications by Tom Calabrese (available from Amazon.com). There is also a good article explaining TEA operation and cryptanalysis by Matthew Russell from York University and a short article in Wikipedia.
Note: if you are interested in cryptanalysis of TEA, bear in mind that there are 4 versions described in 3 documents: the original TEA, then Extentions to TEA (addressing weaknesses in TEA and also describing Block TEA), and Corrections to Block TEA (xxtea).
You are welcome to re-use these scripts [without any warranty express or implied] provided you retain my copyright notice and when possible a link to my website. If you have any queries or find any problems, please contact me. © 2002-2005 Chris Veness
William Andrist's adaptions
a) As the encrypted text of above example returned in unicode and not in ansi some word processors (e.g. pocket notes) didn't store the encryption result entirely correct. From this, decryption was not feasible later. In order to avoid such potential problems, encrypted text is now returned in code Base64 and therefore has to be entered in the same format for decryption as well. After implementing that.
b) As recommended above, password becomes SHA-1 Hash of
itself in order to provide better security.
c) This version reads text to decrypt from URL as it follows after ....htm?e=....
Java script for SHA-1 was by Eugene Styer, Eastern Kentucky University;
code Base64 and HEX by ostermiller.org. Observe their copyrights.
Adapted and optimized to run on both PC and Pocket PC. Withouth any warranty express or implied. By will(a)ndri.st 20060209 updated 20070409.