November 18th, 2003
Hints on Usage


Generation of SDA archives

JavaScript in the browser cannot create or write files, so you have to produce them manually. This is quite simple. On Microsoft Windows, for example, proceed as follows:
  • After clicking "Create a JavaScript SDA", type your plaintext into the upper window or, better, first prepare the text in an editor program and then "copy" and "insert" it into the plaintext window (right mouse button).
  • Enter your passphrase, then push "Encode".
  • Place cursor into the lower window,
    right mouse button, Mark all
  • Right mouse button, Copy
    The generated html source code is in the Windows clipboard now.
  • Start | Program Files | Accessories | Editor
  • Right mouse button, Insert
  • File | "Save as ..."
    Navigate to a suitable position on the disk, e.g. C:\
  • Name the file e.g. "secret.htm" and save.
    (Extension must be htm or html!)
  • Start | Program Files | Windows Explorer
  • Look for the html file just stored, e.g. at C:\
  • Double-click on "secret.htm"
    Internet Explorer pops up. Enter your passphrase and check the result.
  • The file can be sent as an e-mail attachment.

Experience and security issues

Writing the plaintext as an html file seems to be a good choice, since all layout possibilities can then be used. But consider that html files have a regular beginning: they always start with <html> in some form. This can be exploited in cryptographic analysis.

Pure ASCII text, however, must not contain any umlauts or other special characters. And, importantly, no html tags! Note that the browser will interpret html tags even if they are inside a <pre> area. It is best to avoid the angle bracket "<" completely.

Agreeing on the key is the main problem, as usual. Coming up with a good question that relies on knowledge shared with the receiver is not simple. For such cases it is recommended to change the line

  <input type=password name=passphrase size=50>

into

  <input type=text name=passphrase size=50>
    
Experience shows that if only asterisks are echoed in the passphrase line, people simply type everything in lower-case letters. However, "jennifer" is not "Jennifer".

The plaintext file should not be longer than 10 to 15 kbytes. Otherwise decoding takes too long and the receiver does not know what is going on: "Has it crashed now or what?"
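
The content hints above (regular <html> beginning, no umlauts or "<" in plain text, the 10..15 kbyte limit) collected into one pre-flight check to run before pasting text into the plaintext window. This is an added example, not part of the original page or of the SDA generator; the function name, rule names and sample strings are assumptions.

```javascript
// Added example: pre-flight check for text bound for the SDA plaintext window.
// checkSdaPlaintext and the rule names are hypothetical; limits come from the hints.
const MAX_BYTES = 15 * 1024; // upper end of the 10..15 kbyte recommendation

function checkSdaPlaintext(text) {
  const findings = [];
  // Treat input with a leading <html> or <!doctype> as an HTML plaintext.
  const isHtml = /^\s*<(?:!doctype|html)\b/i.test(text);

  if (isHtml) {
    // The regular beginning is known plaintext for anyone analysing the archive.
    findings.push({ rule: "predictable-start", line: 1, col: 1 });
  } else {
    text.split(/\r?\n/).forEach((content, i) => {
      for (let col = 0; col < content.length; col++) {
        const ch = content[col];
        const code = content.charCodeAt(col);
        if (code > 0x7e || (code < 0x20 && ch !== "\t")) {
          // Umlauts and other characters outside printable ASCII.
          findings.push({ rule: "non-ascii", line: i + 1, col: col + 1, ch });
        } else if (ch === "<") {
          // The browser interprets tags even inside a <pre> area.
          findings.push({ rule: "angle-bracket", line: i + 1, col: col + 1, ch });
        }
      }
    });
  }

  // Size in bytes as UTF-8; identical to the character count for pure ASCII.
  const bytes = new TextEncoder().encode(text).length;
  if (bytes > MAX_BYTES) {
    findings.push({ rule: "too-long", bytes, limit: MAX_BYTES });
  }
  return findings;
}

// Constructed sample inputs (not from the original page).
const sampleText = "Treffen um 5 < 6 Uhr\nGr\u00fc\u00dfe, J.";
const sampleHtml = "<html><body><b>Meeting at five</b></body></html>";

for (const f of checkSdaPlaintext(sampleText)) {
  console.log(`${f.rule} at line ${f.line}, column ${f.col}: ${JSON.stringify(f.ch)}`);
}
console.log(checkSdaPlaintext(sampleHtml));
```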

Never use the same password (the same passphrase) repeatedly. If your SDA is intended for secure communication with a partner rather than as an archive, you should integrate at least a sequence number or something similar into your passphrase.