moo-im-a-cow · March 21, 2017 00:44
diff --git a/AESTEST.php b/AESTEST.php
 <?php
 //TESTING THE ENCRYPTION FROM https://gist.github.com/chrisns/3992815
 /*
 Just a quick warning:
  THIS TEST IS INSECURE!
  Even though the text is encrypted between the server and the client,
  The password that an attacker would need access to in order for him to decrypt it
  is hardcoded along side the encrypted text,
  any attacker can visit this page, see that the password "i_love_passwords" is used to decrypt,
  and now they can decrypt anything sent to or from the server.
 */
 require("aes.class.php");
 $var[0] = AesCtr::encrypt("very secret text", "i_love_passwords", 256);
 ?>
 <!doctype html>
 <html>
 <head>
 <meta charset="UTF-8">
 <title>Untitled Document</title>
 <script src="aes.js"></script>
 <script type="application/javascript">
 var q = Aes.Ctr.decrypt("<?php echo $var[0];?>", "i_love_passwords", 256)	
 alert(q);
 	</script>
 </head>
 <body>
 </body>
 </html>
	<?php
	//TESTING THE ENCRYPTION FROM https://gist.github.com/chrisns/3992815
	/*
	Just a quick warning:
	THIS TEST IS INSECURE!
	Even though the text is encrypted between the server and the client,
	The password that an attacker would need access to in order for him to decrypt it
	is hardcoded along side the encrypted text,
	any attacker can visit this page, see that the password "i_love_passwords" is used to decrypt,
	and now they can decrypt anything sent to or from the server.
	*/
	require("aes.class.php");
	$var[0] = AesCtr::encrypt("very secret text", "i_love_passwords", 256);
	?>
	<!doctype html>
	<html>
	<head>
	<meta charset="UTF-8">
	<title>Untitled Document</title>
	<script src="aes.js"></script>
	<script type="application/javascript">
	var q = Aes.Ctr.decrypt("<?php echo $var[0];?>", "i_love_passwords", 256)
	alert(q);
	</script>
	</head>
	<body>
	</body>
	</html>