Is there a way to obfuscate the password from the source code?

Question

I've made an escape game website and on my final task, I need the user to hash the final password and enter it in a box that'll redirect them to the end of the website. But, if you search in the Source Code of the website, you'll see the final password, and my question is, is it possible to hide it, to hide it from the source code? Here's the code:

Here's the image of my code, since it's bugged in StackOverflow (can't embed it)

at the line alert, it means that the password you entered is wrong

Store a *hash* of the correct answer and test whether a *hash* of the input equals the stored value… — deceze, Dec 26 '21 at 12:04
@deceze Yes, but im asking this to know how to do it, im a very beginner in HTML so i need some further explanations... — Zekeauh, Dec 26 '21 at 12:05
This should be async call to server db where you check if the values match. If you can't do that for any reason the hash is the best solution I guess. — digitalniweb, Dec 26 '21 at 12:05
try https://www.geeksforgeeks.org/how-to-create-hash-from-string-in-javascript/ — draz, Dec 26 '21 at 12:08
@draz I'll try this, thanks ! Will tell if its good for me :) — Zekeauh, Dec 26 '21 at 12:09
@draz How should i implement it ? I'm not understanding, it can store the hash but how do i verify the other one ? — Zekeauh, Dec 26 '21 at 12:13
you save the has of the password in the source. when the user inputs the password, you calculate the hash and compare it. if it is equal you can assume that the password was correct — draz, Dec 26 '21 at 19:39
Please do not use screenshots of your code or error messages and do not link to external sources. Screenshots are hard to read on mobile devices, they cannot be searched and none of us can copy, paste and run an image, links can get obsolete. Code should be included as text in the question itself. For more on this see [**Why may I not upload images of code**](https://meta.stackoverflow.com/questions/285551/why-not-upload-images-of-code-on-so-when-asking-a-question/285557#285557) on SO when asking a question? — Vickel, Nov 25 '22 at 00:22

score 1 · Answer 1 · answered Dec 26 '21 at 12:57

You can use this hashing function, from this Stack Overflow page:

String.prototype.hashCode = function() {
    var hash = 0, i, chr;
    if (this.length === 0) return hash;
    for (i = 0; i < this.length; i++) {
        chr   = this.charCodeAt(i);
        hash  = ((hash << 5) - hash) + chr;
        hash |= 0; // Convert to 32bit integer
    }
    return hash;
};

To use it, you first generate the hash of the password:

String.prototype.hashCode = function() {
    var hash = 0, i, chr;
    if (this.length === 0) return hash;
    for (i = 0; i < this.length; i++) {
        chr   = this.charCodeAt(i);
        hash  = ((hash << 5) - hash) + chr;
        hash |= 0; // Convert to 32bit integer
    }
    return hash;
};

document.querySelector('button').addEventListener('click', e => {
    console.log(document.querySelector('input#password').value.hashCode());
});

<input id="password" placeholder="Enter the password to hash">
<button>Hash</button>

Then, once you have the hash for the password you want, you store that hash in your pass1 variable. You also need to hash the user's input and compare it to the hash in pass1.

So your code would look like this:

String.prototype.hashCode = function() {
    var hash = 0, i, chr;
    if (this.length === 0) return hash;
    for (i = 0; i < this.length; i++) {
        chr   = this.charCodeAt(i);
        hash  = ((hash << 5) - hash) + chr;
        hash |= 0;
    }
    return hash;
};

pass1 = 99162322; // in this case, the password is hello

document.querySelector('button').addEventListener('click', e => {
    console.log(document.querySelector('input#password').value.hashCode() == pass1? 'Correct!' : 'Incorrect');
});

<input id="password" placeholder="Enter the password to hash">
<button>Test</button>

Is there a way to obfuscate the password from the source code?

1 Answers1