2

I'm trying to make a secure login system using Flash (AS3) and C # as a server. But I have this problem:

Error: Error #1502: A script has executed for longer than the default timeout period of 15 seconds. at com.hurlant.crypto.rsa::RSAKey/_encrypt()[RSAKey.as:115] at com.hurlant.crypto.rsa::RSAKey/encrypt()[RSAKey.as:89] at client.login::createLogin$/rsaEncrypt()[login.as:30]

In Flash I use the AS3-CRYPTO library: https://github.com/timkurvers/as3-crypto

Flash codes: login.as

        private static var w:String = "abcdefghijklmnopqrstuvwxyz";

        private static var privKey = "zRSdzFcnZjOCxDMkWUbuRgiOZIQlk7frZMhElQ0a7VqZI9VgU3+lwo0ghZLU3Gg63kOY2UyJ5vFpQdwJUQydsF337ZAUJz4rwGRt/MNL70wm71nGfmdPv4ING+DyJ3ZxFawwE1zSMjMOqQtY4IV8his/HlgXuUfIHVDK87nMNLc=";
        private static var privKey2 = "AQAB";

        public function createLogin(nickname:String) : RequestLoader
        {
            var account:AccountInfo = Users.Account

            account.Key = generateRsaKey(privKey,privKey2);

            var byteArray:ByteArray = new ByteArray();

            var tempPassword:String = "";
             var tmpPassInt:int = 0;
             while(tmpPassInt < 6)
             {
                tempPassword = tempPassword + w.charAt(int(Math.random() * 26));
                tmpPassInt++;
             }

            byteArray.writeUTFBytes (account.Account + "," + account.Password + "," + tempPassword + "," + nickname);
            var rsaEncrypted: String = rsaEncrypt(account.Key, byteArray);

            var requestV:URLVariables = RequestVariableCreater.creatWidthKey(false);
            requestV["v"] = rsaEncrypted;

            var requestLoader:RequestLoader = Loader.creatLoader("Login.ashx",requestV);
        }

        public function generateRsaKey(param1:String, param2:String) : RSAKey
        {
         var key:BigInteger = new BigInteger(Base64.decodeToByteArray(param1));
         var key2:BigInteger = new BigInteger(Base64.decodeToByteArray(param2));
         return new RSAKey(key,key2.intValue());
        }

        public function rsaEncrypt(param1:RSAKey, param2:ByteArray) : String
        {
         var byteArray:ByteArray = new ByteArray();
         param1.encrypt(param2,byteArray,param2.length);
         return Base64.encodeByteArray(byteArray);
        }
Ronald Master
  • 41
  • 3
  • There are two good ways out of it. 1. Change the encryption routine to something faster, reduce the length of original strings, or use MD5 or SHA1 that could be faster. 2. Use background **Worker** to take all the time in the world while main thread, the one that controls UI, is running and responsive. There's also way 3. Increase the execution timeout in Publish Settings, but in my personal opinion it is an extremely bad way: your app freezes while it does the thing and you also cannot tell how much time this encoding will take at any given end-user device. – Organis Jul 18 '19 at 22:41
  • There should be some problem with the lib, as the normal timeout is a huge 15s, and encrypting about 1k bytes with RSA should take a few milliseconds even with AS3. Please measure time to create a new RSA key (a key pair in fact, this operation is indeed lengthy), then do a return to event handler, and then measure time required to encrypt a 1k random bytes (encrypt only, no transferring anywhere). Maybe there is something fishy with all that Flash engine "bug patching and protection" that slows crypto operations to a crawl/halt. – Vesper Jul 19 '19 at 07:45
  • Hello, I have generated a new private/public key on this site: https://merricx.github.io/enigmator/cipher/rsa_keygen.html And now I have another error: "System.Security.Cryptography.CryptographicException: The date to be decrypted exceeds the maximum of this 128-byte module." On request – Ronald Master Jul 19 '19 at 17:56
  • Then, check the restrictions on the lib, maybe it can't encrypt more than a certain amount of data at once. Big software only uses RSA to encrypt/decrypt AES keys then use AES to encrypt/decrypt the bulk of data. – Vesper Jul 22 '19 at 04:00

1 Answers1

1

Resolved. Creating the RSAKey object through PEM:

var pem:String = "-----BEGIN PUBLIC KEY-----\n" +
                "MIqMAe3DQEBrGNADCBiQKBgQCOLfJKjA8DhOFse3ex4zdlu2oh\n" +
                "E8g1AhDBpQKMQaPaCH/irVFijsmfOsWIWyRrcDmmj2CBaS4b\n" +
                "EwsD/qANC5KpFRdCkrKM7cyi0peK3v1sZqMODdN04vc+N/JE\n" +
                "xMLoaOo8xIDAQAB\n" +
                "-----END PUBLIC KEY-----";
            PEM.readRSAPublicKey(pem);
Ronald Master
  • 41
  • 3