rc1986 Posted January 12, 2016 Share Posted January 12, 2016 Good morning,I currently have a little application that I have used the Crypt.au3 include to provide a basic form of encryption. I have a little GUI which prompts the user to enter their passwords, this is then encrypted and written to a text file in its encrypted form. When this user/password is required the code decrypts it and uses it on the fly.The way I am currently doing this is by using a passkey or master key withing the script itself to decrypt/encrypt. This is the bit that concerns me as of course this isn't very secure. Initially this didn't matter to me as what I'd created was much better than previous plain sight passwords in batch files etc however now I'd like to find a way of improving the security.Would anyone be able to offer any insight or other techniques/3rd party app integration etc to assist with my problem? Thanks Rob Link to comment Share on other sites More sharing options...
rc1986 Posted January 12, 2016 Author Share Posted January 12, 2016 Ignore me I've found a few posts to assist, clearly didn't look hard enough the first time. Thanks Rob Link to comment Share on other sites More sharing options...
spudw2k Posted January 12, 2016 Share Posted January 12, 2016 If you are only doing authentication/validation there is no need to store the encrypted password. Instead you can use a hashing algorithm to produce and store a one-way hash for a given password; then in your script, when you prompt for the password you simply compare the calculated hash with the stored one. Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX BuilderMisc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retreive SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose ArrayProjects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalcCool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF Link to comment Share on other sites More sharing options...
jchd Posted January 12, 2016 Share Posted January 12, 2016 Add salt! This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe hereRegExp tutorial: enough to get startedPCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta. SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt) Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now