var rng;
    function do_init(nameToUse) {
if(document.ecdhtest.q.value.length == 0) set_secp192r1(); // set_secp192r1(); rng = new SecureRandom();
do_alice_rand();
}
function get_curve() {
return new ECCurveFp(new BigInteger(document.ecdhtest.q.value),
new BigInteger(document.ecdhtest.a.value),
new BigInteger(document.ecdhtest.b.value)); }
function get_G(curve) { return new ECPointFp(curve,
curve.fromBigInteger(new BigInteger(document.ecdhtest.gx.value)),
curve.fromBigInteger(new BigInteger(document.ecdhtest.gy.value))); }
function pick_rand() {
var n = new BigInteger(document.ecdhtest.n.value); var n1 = n.subtract(BigInteger.ONE);
var r = new BigInteger(n.bitLength(), rng); return r.mod(n1).add(BigInteger.ONE);
}
function do_alice_rand() {
var r = pick_rand(); document.ecdhtest.alice_priv.value = r.toString(); document.ecdhtest.alice_pub_x.value = “”; document.ecdhtest.alice_pub_y.value = “”; document.ecdhtest.alice_key_x.value = “”; document.ecdhtest.alice_key_y.value = “”; do_alice_pub();
}
function do_alice_pub() {
var before = new Date();
var curve = get_curve();
var G = get_G(curve);
var a = new BigInteger(document.ecdhtest.alice_priv.value); var P = G.multiply(a);
var after = new Date();
alicePubX = P.getX().toBigInteger().toString();
alicePubY = P.getY().toBigInteger().toString(); document.ecdhtest.alice_pub_x.value = alicePubX; document.ecdhtest.alice_pub_y.value = alicePubY; document.getElementById(“ecdhServer”).src = “twECDHServer.html?X=”+
alicePubX+ “&Y=”+alicePubY+ “&curve=”+name;
}
Alice’s values are sent to Bob, the receiver/server, in the last line of this code. The concatenated value is strengthened (stretched) by repeat- edly hashing thousands of times with Password-Based Key Derivation Function 2 (PBKDF2) methods.
Since password strengthening slows calculations, a range of 500 to 2500
produces acceptable results with minimal delays. SJCL uses thousands of repeated hashes to make brute force attacks harder and the pattern used is : Hash(Salt | Hash(UserName | “:” | Password)), so the concate- nated “Salt”,”UserName”, “:”, and “Password” might look something like this: “9+Va5voDXA=JohnSmith:k473#bGu!Oo6*27\Y1n0a9c~”.
The colon ( : ) between User Name and Password makes each pair unique, and avoids hashing user name “timSmith” and password “old- man”, the same as “timSmit” and “holdman”. With no “:”, the string for both is timSmitholdman, vs timeSmith:oldman and timSmit:holdman with a “:”.
Two parties using Diffie-Hellman agree on a large prime number, “N”, and a smaller number “g” that’s primitive with respect to N. g being primitive to N means that integers, “k”, can be found where ( k = gi mod N)forallthevaluesofifrom1toN-1.SogisprimitivetoNifallofthe individual values of k are also equal to all the integers from 1 to N-1.
Hash functions are one-way, so it’s extremely difficult to derive the original string from the hash. To ensure validity that it hasn’t been tam- pered with, and that it comes from a trusted source, a known and ex- pected hash value for encrypted text is compared to a newly computed hash value.
The English language has about 100,000 words, so to brute force crack a hashed password up to 100,000 attempts might be needed. By adding a 32-bit salt to the password, the number of possible passwords are:
                                         Password Possibilities
Salt Possibilities
Hash calculations required = Password Possibilities * Salt Possibilities Hash calculations required = 100,000 * 232
Hash calculations required = 429,496,729,600,000
Seeded/salted strings are strengthened in this way to resist attacks that use precomputed “Rainbow” tables to crack cryptographic hash functions.
With CBC (cipher block chaining) encryption, whole blocks of text of the specified length are encoded, and each encoded text block depends on the previous source blocks. If needed the last block is padded to make it the required fixed block length, and as there is no data before the first block, messages are encoded with a unique, random initializa- tion vector (IV).
Note that compression must NOT be used. It makes text vulnerable to hacking by replacing repeating character strings with smaller tokens.
= 100,000
= 232 ( 32-bit )
            29 | Human Readable Magazine