Dan Appleman: Kibitzing and Commentary

My personal blog

Email obfuscation using Javascript is a popular way to hide Email addresses from spam-bots. One of the most popular of these was written by Jim Tucek at the Academy of Science at St. Louis. Unfortunately he hosted it on one of their student pages at http://www.jracademy.com/~jtucek/eencrypt.html, and the other day (during a website move), all of those pages were taken down, leaving web developers unable to create new Email addresses for sites that use the script. After getting a panicked call from a friend (who has many clients on the script), I decided to step in and see what I could do to help. The result can be found on my new Email Encryptor page.
This actually posed an interesting challenge. Jim used RSA encryption (about 10 bits) to encrypt the strings. I’m not sure why he chose an asymmetric algorithm instead of a symmetrical algorithm – as the primary result of this choice is to make it hard to create new Email addresses (in a symmetric algorithm you could use the decryption key to encrypt as well – so the loss of the original page would have had little impact. In an asymmetric algorithm having the decryption key offers no help). Fortunately, the algorithm itself is reasonably simple and widely published. Though I use cryptography a great deal, this was actually my first time doing the math, and translating some of the mathematical requirements into computer algorithms took a bit of thought. It was also the first time I’d really thought about modulus math. Finally, there was the Javascript coding itself. Though my primary expertise remains VB .NET and C#, I’ve gotten to do quite a bit of Javascript in the past couple of years (both in web projects and some Ajax work), so that part was relatively simple. By the way, I love the Visual Studio 2008 Javascript debugger – it doesn’t get much attention, but it’s very cool. As a side-effect I also got a nice prime number example to use next week at SD-West when I talk about the TPL, I mean “the Parallel Extension to the .NET Framework”.
So ultimately I was able to get it to work. It’s now live and hopefully will serve as a good resource to those left stranded when Jim’s page went down, and the rest of us in our never-ending battle to fight spam.