Jump to content
Sign in to follow this  
grasshopper3

String Encryption

Recommended Posts

grasshopper3

Hi, I am wondering the best way to encrypt a password so that it can be stored in a config file with loads settings to my script. So I need to be able to encrypt and decrypt it. I will use a password input box to hide it in the gui. Are there #include files that have some encryption functions?

Share this post


Link to post
Share on other sites
Paulie

Hi, I am wondering the best way to encrypt a password so that it can be stored in a config file with loads settings to my script. So I need to be able to encrypt and decrypt it. I will use a password input box to hide it in the gui. Are there #include files that have some encryption functions?

_StringEncrypt()

_Crypt_EncryptData()

I'm gonna go out on a limb and guess you didn't search the helpfile...

Edited by Paulie

Share this post


Link to post
Share on other sites
Juvigy

There are SHA1,MD5,RC4,BASE64,CRC32 encryption UDF's available. Base64.au3 should be enough for you.

Share this post


Link to post
Share on other sites
Shafayat

Juvigy, forgive my ignorance but there might be a little chance that those algorithms you mentioned are not encryption algorithms. They are hashing algorithms. Encryption algorithms are AES, blowfish etc. (all available in the Crypt.au3 library of course)


[Not using this account any more. Using "iShafayet" instead]

Share this post


Link to post
Share on other sites
grasshopper3

I am looking for an encryption that can't be easily guessed. For example if a person has autoit experience they don't automatically know that i used a particular encryption. I might even have it switch algorithms every time i save settings just to mix things up.

Thanks for all the feedback

Edited by grasshopper3

Share this post


Link to post
Share on other sites
Shafayat

Let me put it clearly.

Obscurity is usually fake security. A new algorithm is thousand times more vulnerable than an algorithm that has been used and tested and proved very robust.

For example, no matter how clever a programmer you are you can never be one hundred percent sure without thorough testing (which involves many researchers and a laboratory with supercomputers) that you'll make an algorithm that encrypts better than the current standards.

Follow my advice and use AES 256. That is just the security you need. Just make sure you use a very long (50 plus characters) and complex (with digits, alphabets, signs) password for it.

And, always search the help file before asking. It saves both your and our time.


[Not using this account any more. Using "iShafayet" instead]

Share this post


Link to post
Share on other sites
spudw2k

...Follow my advice and use AES 256.

I agree...using a strong encryption method is the best way to go, however if you are only storing credential information use SHA-1 for hashing instead of data encryption.

edit: It is much more secure to verify the hash algo calculates the same hash than too decrypt the password. Less chance of the "key" becoming compromised.

Edited by spudw2k

Share this post


Link to post
Share on other sites
grasshopper3

Where do I get the "$iALG_ID - The algorithm to use" for the function...

_Crypt_EncryptData($vData, $vCryptKey, $iALG_ID, $fFinal = True)

Share this post


Link to post
Share on other sites
zorphnog

$CALG_MD2
$CALG_MD4
$CALG_MD5
$CALG_SHA1
$CALG_3DES
$CALG_AES_128
$CALG_AES_192
$CALG_AES_256
$CALG_DES
$CALG_RC2
$CALG_RC4

Share this post


Link to post
Share on other sites
spudw2k

Where do I get the "$iALG_ID - The algorithm to use" for the function...

_Crypt_EncryptData($vData, $vCryptKey, $iALG_ID, $fFinal = True)

In the Crypt.au3 include file. zorphnog has conveniently put them up for you. Not all support hashing, and not all are for encryption/decryption. Use hashing for credentials _Crypt_HashData(), use encryption for data confidentiality _Crypt_EncryptData()

Edited by spudw2k

Share this post


Link to post
Share on other sites
grasshopper3

Alright if I use hashing... How do I decrypt/ Un-hash the string when I want it to show up in my gui? I only want it to be hashed in the config file and readable data when in the gui. I tried _Crypt_EncryptData() when I tried _Crypt_DecryptData() to view the string i don't get what i expect. I used the same key for encrypting and decrypting.

Share this post


Link to post
Share on other sites
spudw2k

Alright if I use hashing... How do I decrypt/ Un-hash the string when I want it to show up in my gui? I only want it to be hashed in the config file and readable data when in the gui. I tried _Crypt_EncryptData() when I tried _Crypt_DecryptData() to view the string i don't get what i expect. I used the same key for encrypting and decrypting.

Firstly, Hashing is not the same as encrypting. It is a one-way process which is intended to not be reversed (decrypted) easily.

Secondly to answer your last question, your decrypted data is probably still binary. Use BinaryToString() to convert it to text.

Lastly, here's an example of Hashing from the Helpfile (modified to use SHA1 instead of MD5).

#include  <Crypt.au3>

; Example of hashing data and using it to authenticate password

; This is the SHA hash of the correct password
$bPasswordHash="0x3752417AAFBDB6E132D536664E24F15469A8C599"

$sPassword=InputBox("Login","Please type the correct password.","Yellow fruit that is popular among monkeys")

If _Crypt_HashData($sPassword,$CALG_SHA1)=$bPasswordHash Then
    MsgBox(64,"Access Granted","Password correct!")
Else
    MsgBox(16,"Access Denied","You entered the wrong password!")
EndIf

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×